Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole. (b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data. (c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments. (d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data. (e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Appears in 9 contracts
Sources: Merger Agreement (Furneaux Carol), Merger Agreement (Lewis & Clark Ventures I, LP), Merger Agreement (Sagrera Ricardo A.)
Privacy and Data Security. The Company and each of its Subsidiaries have complied with all applicable Laws, contractual obligations, and internal or publicly posted policies, procedures, notices, and statements concerning the collection, acquisition, use, processing, storage, transfer, distribution, dissemination, disclosure, protection and security (a“Data Activities”) In of personally identifiable information of individual natural persons (including any information that alone or in combination with any other information held by the prior three Company and its Subsidiaries, can be used to specifically identify an individual person and any “individually identifiable health information,” “personal data” or “personal information” or similar terms defined under applicable Law (3“Personal Data”) years(such applicable Laws, contractual obligations, and internal or publicly posted policies, procedures notices and statements, collectively the “Data Protection Requirements”) in the conduct of the Company’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. The Company and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for the Company and its Subsidiaries to the extent required in connection with the operation of the Company’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with not: (i) Contracts (experienced any actual, alleged, or portions thereof) between the Company suspected data breach or its Subsidiaries and other Persons relating to security incident involving Personal Data and in their possession or control; or (ii) applicable written policies, public statements and other public representations relating been subject to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation received any notice of any Privacy Commitments that would be materially adverse to the Company and its Subsidiariesaudit, taken as a whole.
(b) In the prior three (3) yearsinvestigation, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required complaint, or other Legal Action by Privacy Laws, are accurate and complete and are not misleading any Governmental Entity or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to other Person concerning the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard Subsidiaries’ Data Activities in relation to any Personal Data obtained from or on behalf of the Company actual, alleged, or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person suspected violation of any (A) lossData Protection Requirement concerning privacy, theft or damage ofdata security, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated)data breach notification, and to the Company’s Knowledge, there are no material security deficiencies facts or vulnerabilities circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company IT SystemsMaterial Adverse Effect. Parent and its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations), (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. Parent and each of its Subsidiaries have obtained, as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirements.
Appears in 3 contracts
Sources: Merger Agreement (Icon PLC), Merger Agreement (PRA Health Sciences, Inc.), Merger Agreement (Icon PLC)
Privacy and Data Security. (a) In The Company and its Subsidiaries are, and at all times in the prior past three years have been, in compliance in all material respects with all (3i) yearsapplicable Information Privacy and Security Laws; (ii) published policies or notices relating to the Company’s and its Subsidiaries’ collection, use, storage, disclosure, processing, handling, protection, or cross-border transfer (“Processing”) of Personal Information; (iii) terms of any Contracts to which the Company and/or any of its Subsidiaries are bound; and (iv) industry standards and/or codes-of-conduct to which the Company and/or any of its Subsidiaries are legally bound relating to the Company’s or any of its Subsidiaries’ Processing of Personal Information (collectively, “Privacy Requirements”).
(b) Neither the Company nor any of its Subsidiaries has received any subpoenas, demands, or other written notices from any Governmental Entity or other entity investigating, inquiring into, or otherwise relating to any actual or potential violation of any Information Privacy and Security Laws. To the Company’s knowledge, neither the Company nor any of its Subsidiaries is under investigation by any Governmental Entity or other entity for any actual or potential violation of any Information Privacy and Security Laws.
(c) The Company and its Subsidiaries have been in compliance each taken commercially reasonable steps, materially compliant with applicable Privacy LawsRequirements, and in all material respects with designed to protect (i) Contracts the operation, confidentiality, integrity, and security of the Company’s and its Subsidiaries’ software, systems, and websites (or portions thereof“IT Assets”) between that are involved in the Company or its Subsidiaries and other Persons relating to Processing of Personal Data Information, and (ii) applicable written policies, public statements and other public representations relating to Personal Information in the Processing Company’s or any of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries’ possession and/or control from unauthorized use, taken as a wholeaccess, disclosure, deletion, and/or modification.
(bd) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to To the Company’s knowledge, threatened against or involving neither the Company or nor any of its Subsidiaries initiated by has experienced any Person (including (i) the Federal Trade Commissionfailures; crashes; security incidents; data breaches; unauthorized access, use, or disclosure; or other adverse events or incidents related to Personal Information that would require notification of individuals, law enforcement, any state attorney general Governmental Entity, customers, vendors, or similar state officialany others under any applicable Privacy Requirements. The Company has not received written notice of any complaints, (ii) any Actions, fines, or other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of penalties facing the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors Subsidiaries in connection with regard any such failures; crashes; security incidents; data breaches; unauthorized access, use, or disclosure; or other adverse events or incidents.
(e) To the extent required by applicable Information Privacy and Security Laws, the Company and each of its Subsidiaries have obligated all of their applicable vendors and data processors authorized to any process Personal Data obtained from or Information on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries, including, without limitation, contract research organizations and clinical investigators, to be bound by contractual terms relating to the protection and Processing of Personal Information; and neither the Company nor any of its Subsidiaries has notified or been required to notify any Person is aware of any violations of such contractual obligations.
(Af) lossTo the Company’s knowledge, theft or damage ofthe Personal Information in the possession, or (B) other unauthorized or unlawful access tocustody, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each and/or control of the Company and each of its Subsidiaries has implemented commercially reasonable administrative, physical can be transferred as part of the Mergers and technical safeguardsthe other transactions contemplated by this Agreement, and ensures that its contractors processing Personal Data take such safeguards to protect can be used after the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of Closing in a manner substantially the same as currently used by the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its applicable Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Appears in 2 contracts
Sources: Merger Agreement (Coherus BioSciences, Inc.), Merger Agreement (Surface Oncology, Inc.)
Privacy and Data Security. (a) In During the prior past three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical complied with (i) applicable Privacy Laws; (ii) the Company’s published and technical safeguards, posted policies relating to the Company and ensures that its contractors Subsidiaries’ processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security IncidentInformation, including taking all reasonable steps as applicable to safeguard and back up Personal Data.
(e) Each each of the Company and any of its Subsidiaries; and (iii) applicable terms of any Contracts relating to privacy, security, collection or use of Personal Information of any individuals (including clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers, pharmacists) that interact with Company or any of its Subsidiaries owns or has a license or other right to use in connection with the Company IT Systems as necessary to operate operation of the Company’s and its Subsidiaries’ business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (collectively, (i) free from any defect– (iii), bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear“Data Protection Requirements”), except in each case of clauses (i) and (ii)for such noncompliance as has not had, as is not and would not reasonably be expected to behave, individually or in the aggregate, material a Company Material Adverse Effect. To the knowledge of the Company, during the past three (3) years, no claims have been asserted or threatened against the Company by any Person alleging a violation of the Data Protection Requirements. Except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption knowledge of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In Company, during the past three (3) years, there have been no data security incidents or personal data breaches related to Personal Information in the custody or control of the Company or any service provider acting on behalf of the Company.
(except b) Except as would not reasonably be expected to have, individually or in the extent completely remediated)aggregate, a Company Material Adverse Effect, the information technology assets and equipment of the Company and its Subsidiaries (collectively, “Company IT Systems”) are adequate for, and operate and perform in all respects as required in connection with the operation of the business of the Company and its Subsidiaries as currently conducted, and to the knowledge of the Company’s Knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its Subsidiaries have implemented and maintain commercially reasonable physical, technical and administrative safeguards designed to protect Personal Information processed by the Company and its Subsidiaries, any other material confidential information and the integrity and security of Company IT Systems used in connection with their businesses, and during the past three (3) years, there are have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material security deficiencies cost or vulnerabilities in the Company IT Systemsliability.
Appears in 2 contracts
Sources: Merger Agreement (XOMA Royalty Corp), Merger Agreement (HilleVax, Inc.)
Privacy and Data Security. (ai) In Each of the prior three (3) years, the Company Company’s and its Subsidiaries have been in compliance with Privacy LawsSubsidiaries’ receipt, collection, monitoring, maintenance, creation, transmission, use, analysis, disclosure, storage, disposal and security of Protected Information has complied, and complies in all material respects with (iA) Contracts (any privacy- or portions thereof) between the Company data security-related provisions of agreements or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement contracts to which the Company or a Subsidiary is or will be a party, (B) applicable privacy and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy data security Laws, are accurate and complete (C) applicable policies and are not misleading or deceptive (including procedures adopted by omission). The practices of the Company or its Subsidiaries with respect a Subsidiary relating to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending orProtected Information, to the Company’s knowledge, threatened against or involving including any privacy policy made available by the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse EffectSubsidiary. Each of the Company and its Subsidiaries has implemented adopted commercially reasonable administrativepolicies and procedures relating to privacy, physical data protection, data security and technical safeguards, the collection and ensures that its contractors processing Personal Data take such safeguards to protect use of Protected Information gathered or accessed in the confidentiality, integrity and security course of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each the operations of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and Subsidiaries.
(ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), Except as is not and would not reasonably be expected to be, individually or in the aggregate, be material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not has been any material failures, breakdowns or continued substandard performance no data security breach of any Company IT Systems that have caused a material failure Assets or disruption unauthorized access, use or disclosure of any Protected Information owned, transmitted, stored, received, or controlled by or on behalf of the Company or any of its Subsidiaries, including any unauthorized access, use or disclosure of Protected Information that would constitute a breach for which notification to individuals, customers or Governmental Entities is required under any applicable privacy and data security Laws or contracts or agreements to which the Company or any of its Subsidiaries is a party.
(iii) The IT Systems Assets have not materially malfunctioned or failed since January 1, 2013. The IT Assets do not contain any viruses, bugs, vulnerabilities, faults or other than routine failures devices or disruptions effects that have been remediated could (i) enable or assist any person to access without authorization the IT Assets or any information in the Ordinary Course IT Assets, or (ii) otherwise significantly adversely affect the functionality of Businessthe IT Assets, except as disclosed in their documentation. In the past three (3) yearsThe Company and its Subsidiaries have implemented reasonable backup, there have been no (except to the extent completely remediated)security and disaster recovery technology, plans, procedures and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systemsfacilities.
Appears in 2 contracts
Sources: Merger Agreement (Cyan Inc), Merger Agreement (Ciena Corp)
Privacy and Data Security. (a) In Each of the prior three (3) yearsAcquired Companies is currently complying and has, the Company and its Subsidiaries have been in compliance with Privacy Lawssince January 1, and 2017 complied in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries all applicable Privacy and other Persons relating to Personal Data and (ii) applicable written policiesInformation Security Laws, public statements and other public representations including Laws relating to the Processing privacy of Personal DataInformation regarding clinical trial participants, inclusive patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers and pharmacists that interact with any of all disclosures required the Acquired Companies in connection with the operation of the Acquired Companies’ business. To the Knowledge of the Company, no investigations, claims or complaints are pending or have been threatened against the Acquired Companies by applicable Privacy Laws (“any Person regarding a violation of Privacy and Data Information Security Policies,Laws, and/or other information security policies. None of the Acquired Companies is a “covered entity” and together with Privacy Laws and such Contracts, or “Privacy Commitments”)business associate” for purposes of HIPAA. The executionAcquired Companies have provided all requisite notices, delivery and performance by the Company of this Agreement to which the Company is or will be a partyobtained all required consents, and satisfied all other material requirements for their processing of Personal Information for the conduct of business as currently conducted and in connection with the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeContemplated Transactions.
(b) In the prior three (3) yearsThe Acquired Companies have adopted reasonable and appropriate, the Privacy organizational, physical, administrative and Data Security Policies have at all times been maintained and made available to individuals in accordance technical measures consistent with reasonable industry practices to protect Personal Information and protect against Security Incidents (as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omissiondefined below). The practices Without limitation to the generality of the Company foregoing, such measures are appropriate to protect the Personal Information collected, stored, or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data otherwise processed by or on behalf of the Acquired Companies, the confidential or proprietary information of or related to their businesses, and the Company IT Systems from unauthorized access, acquisition, interruption, alteration, modification, use or its Subsidiaries is other processing, or was in violation any other compromise of their confidentiality, integrity or availability (any such incident a “Security Incident”). Except as expressly disclosed pursuant to Section 3.17 of the Company Disclosure Schedule, since January 1, 2017, none of the Acquired Companies (nor, to the Knowledge of the Company, any Third Parties acting on their behalf) have experienced any actual or alleged Security Incident, and none of the Acquired Companies (nor, to the Knowledge of the Company, any Third Parties acting on their behalf) have notified, or been required to notify, any person of any Privacy CommitmentsSecurity Incident or other event involving Personal Information that is in the custody, possession or control of any of the Acquired Companies. To In addition, to the Knowledge of the Company’s Knowledge, there are no factsindividuals or Third Parties (including any threat actors described in Section 3.17 of the Company Disclosure Schedule) have ongoing unauthorized access to Company IT Systems, circumstances and to the Knowledge of the Company, none of the Acquired Companies or conditions Company IT Systems have any information security vulnerabilities that would reasonably be expected to form materially adversely impact the basis for any proceeding for any potential violation operation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the relevant Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as cause a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT SystemsSecurity Incident.
Appears in 2 contracts
Sources: Merger Agreement (BioNTech SE), Merger Agreement (Neon Therapeutics, Inc.)
Privacy and Data Security. (a) In Except as would not be material to the prior three (3) yearsGroup Companies, taken as a whole, each Group Company complies, and since January 1, 2018 has complied, with all applicable Privacy Laws, with Privacy Policies, and with applicable contractual obligations of the Company and its Subsidiaries have been in compliance with Privacy Lawsgoverning privacy, data protection, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries data security with respect to the Processing of Personal Data conform in all by the Company and its Subsidiaries. To the knowledge of the Company, neither the execution of this Agreement nor the consummation of the Transactions constitutes a material respects breach or violation of any applicable Privacy Law, any applicable Privacy Policy, or any applicable contractual obligations of the Company and its Subsidiaries governing privacy, data protection, and data security with respect to the Privacy Processing of Personal Data by the Company and Data Security Policies that govern such Personal Data.
its Subsidiaries. From January 1, 2018 until the date hereof, except as set forth in Section 3.15 of the Company Disclosure Schedule, there is no, and has not been any, (ci) There is (and in the prior three years there has been) no material Legal Proceeding Action of any nature pending or, to the knowledge of the Company’s knowledge, threatened against or involving the Company or any of its Subsidiaries initiated by any Person (including (i) relating to privacy, data protection, or data security with respect to the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by the Company and its Subsidiaries; (ii) written notice of any actual or on behalf asserted noncompliance with any Law to which the Company or any of its Subsidiaries are subject relating to privacy, data protection, or data security with respect to the Processing of Personal Data by the Company; or (iii) known data breach or data security incident that compromised the data security of the Company or its Subsidiaries is and impacted compliance with applicable Privacy Law by the Company or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitmentsits Subsidiaries.
(db) In the prior three (3) years, The Company and its Subsidiaries have taken commercially reasonable steps to (i) there has been no implement and maintain sufficient technical and organizational measures in compliance with applicable Privacy Laws, designed to preserve and protect the confidentiality, availability, security (including disaster recovery), and integrity of all Systems and Personal Data within the possession or control of the Company and its Subsidiaries; (ii) implement and maintain commercially reasonably sufficient disaster recovery programs and mechanism and business continuity plans for their business; and (iii)defend against any security breach (x) resulting in any unauthorized access to, or unauthorized useacquisition of, disclosure, or Processing of any Personal Data in within the possession or control of the Company or any of its Subsidiaries or any of its contractors with regard (y) which required a regulatory notification or reporting to any Personal Data obtained from or on behalf Governmental Authority.
(c) The Company and its Subsidiaries have taken commercially reasonable steps to (i) ensure the IT Assets of the Company or and its Subsidiaries (“Security Incident”), are reasonably adequate and sufficient to protect the privacy and confidentiality of all Personal Data in compliance with reasonable industry practices and all applicable Privacy Laws and (ii) there implement and maintain reasonable technical and organizational measures in compliance with applicable cybersecurity Laws (including but not limited to Privacy Laws), that are designed to preserve and protect the cybersecurity of all IT Asset and Systems within the possession or control of the Company and its Subsidiaries. Except as set forth in Section 3.15 of the Company Disclosure Schedule or as would not reasonably be expected to have been a Company Material Adverse Effect, no unauthorized intrusions person (including any Governmental Authority) has made any claim or breaches of security into commenced any proceeding against the Company IT Systems, and (iii) none of or any Third Party service provider to the Company or any of its Subsidiaries has notified or been required with respect to notify any Person of any (A) loss, theft damage or damage ofunauthorized access, or (B) other unauthorized or unlawful access todisclosure, or use, disclosure modification or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security misuse of Personal Data against by the Company, any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been or any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systemstheir respective service providers.
Appears in 2 contracts
Sources: Merger Agreement (Yan Rick), Merger Agreement (51job, Inc.)
Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices Each member of the Company or its Subsidiaries Group, and, to the Knowledge of the Company, all affiliates and/or third parties with respect to the Processing of Personal Information on behalf of, and/or sharing Personal Information with, the Company Group (collectively, “Data conform in Partners”), comply and have for the last three (3) years complied with all material respects applicable (i) Privacy Laws, (ii) policies, notices, and/or statements related to privacy, security, or the Processing of Personal Information (each, a “Privacy Policy”), and (iii) contractual commitments related to privacy, security, or the Processing of Personal Information (collectively, the “Privacy Requirements”). Each member of the Company Group has for the last three (3) years provided a Privacy Policy to individuals prior to the collection of any Personal Information, and all such Privacy Policies are and Data Security Policies that govern have for the last three (3) years been materially accurate and, to the Knowledge of the Company, not misleading or deceptive, including by omission.
(b) The execution, delivery, and performance of this Agreement and the Transactions do not and will not: (i) conflict with or result in a material violation or breach of any Privacy Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal DataInformation; (iii) give rise to any right of termination or other right to impair or limit the Purchaser’s rights to own and Process any Personal Information used in or necessary for the operation of the Company Group’s business; or (iv) otherwise prohibit the transfer of Personal Information to the Purchaser.
(c) There is The Company Group has for the last three (3) years had contracts in place with all Data Partners, which impose on such Data Partners obligations related to privacy, security, and the Processing of Personal Information that, at a minimum, comply with Privacy Requirements. The Company Group takes commercially reasonable steps to monitor all Data Partners to verify their compliance with Privacy Requirements.
(d) The Company Group has for the last three (3) years implemented, maintained, and complied with, and required all Data Partners to at all times implement, maintain, and comply with, technical, physical, and organizational measures, plans, procedures, controls, and programs, including a written information security program, that comply with Privacy Requirements and are designed to protect Personal Information and confidential information against a Security Incident. The Company Group regularly evaluates its written information security program through commercially reasonable security audits, penetration testing, and/or vulnerability scanning. Such activities may identify potential vulnerabilities; however, certain identified items may, upon review, be determined to be inapplicable, not reasonably capable of remediation, or otherwise not presenting a material risk in the prior three years there context of the Company Group’s operations. The Company Group has been) no material Legal Proceeding pending oraddressed, all high, or critical vulnerabilities determined to be applicable and reasonably remediable. Neither the Company Group, nor, to the Knowledge of the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Data Partner with respect to its Processing of Personal Data by or Information on behalf of the Company or its Subsidiaries is or was in violation of Group, has experienced any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy CommitmentsSecurity Incidents.
(de) In relation to any Security Incident and/or actual or alleged violation of a Privacy Requirement, neither the prior three (3) yearsCompany Group nor, to the Knowledge of the Company, any Data Partner has (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person or (ii) received any notice, inquiry, request, claim, complaint, correspondence, or other communication from, or, to the Knowledge of the Company, been the subject of any (A) lossinvestigation or enforcement action by, theft any Person. To the Knowledge of the Company, there are no facts or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case circumstances that could give rise to the occurrence of clauses (i), ) or (ii), and .
(iii), as would not have a f) The Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented Group maintains insurance coverage containing commercially reasonable administrative, physical policy terms and technical safeguards, and ensures limits that its contractors processing Personal Data take such safeguards are reasonable to protect the confidentiality, integrity and security risk of Personal Data against liability relating to any Security Incident, including taking all reasonable steps to safeguard and back up unauthorized Processing of Personal Data.
(e) Each Information, or violation of the Company Privacy Requirements, and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that no claims have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediatedmade under such insurance policy(ies), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Appears in 2 contracts
Sources: Equity Purchase Agreement (Lincoln International, Inc.), Equity Purchase Agreement (Lincoln International, Inc.)
Privacy and Data Security. (a) In Except as would not result in Liabilities that are material to the prior three Target Companies taken as a whole, to the extent that a Target Company collects any personally identifiable information (3“PII”) yearsfrom third party individual persons as of the date of this Agreement, such Target Company has a privacy policy (which may be a group wide policy covering affiliated entities) regarding the collection, use and disclosure of such PII in connection with the operation of the its business as conducted as of the date of this Agreement, and each Target Company is and its Subsidiaries have has been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating any such privacy policy applicable to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeit.
(b) In Except as would not result in Liabilities that are material to the prior three (3) yearsTarget Companies taken as a whole, the Privacy and Data Security Policies all Target Companies have complied at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to with all applicable Laws regarding the Privacy collection, retention, use and Data Security Policies that govern protection of personal information. There is no claim pending or threatened in writing against any Target Company regarding any violation of or noncompliance with such Personal Dataapplicable Laws.
(c) There is (and Except as would not result in the prior three years there has been) no Liabilities that are material Legal Proceeding pending or, to the Company’s knowledgeTarget Companies taken as a whole, threatened against or involving the Target Companies are in compliance with the terms of all contracts to which such Target Company or its Subsidiaries initiated by any Person Target Companies are a party related to data privacy, security or breach notification (including (i) provisions that impose conditions or restrictions on the Federal Trade Commissioncollection, any state attorney general use, disclosure, transmission, destruction, maintenance, storage or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing safeguarding of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitmentspersonal information).
(d) In To the prior three (3) yearsKnowledge of the Company, (i) there has been no unauthorized access tonone of the Target Companies have experienced any loss, damage, or unauthorized useaccess, disclosure, use or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches breach of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) lossPII in their possession, theft custody or damage ofcontrol, or (B) other unauthorized otherwise held or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Dataprocessed on their behalf.
(e) Each To the Knowledge of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defectCompany, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past last three (3) years, there have has been no unauthorized material access, intrusion or breach of security, or material failure, breakdown, performance reduction or other adverse event affecting any of the Target Company’s systems, that has caused or could reasonably be expected to cause any: (except i) material disruption of or interruption in or to the extent completely remediated)use of such systems or the conduct of the business of any Target Company ; or (ii) material loss, destruction, damage or harm to any Target Company or any of their material operations, personnel, property or other material assets. Each Target Company has taken reasonable actions, consistent with industry practices, to protect the integrity and to security of the Target Company’s Knowledge, there are no material security deficiencies or vulnerabilities in systems and the Company IT Systemsdata and other information stored thereon.
Appears in 2 contracts
Sources: Business Combination Agreement (TradeUP Global Corp), Business Combination Agreement (Far Peak Acquisition Corp)
Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all Except as would not be material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Company and the Company Subsidiaries have been and are in compliance in all material respects with all applicable Privacy and Data Security Policies Laws, any internal and external policies relating to privacy or data security, any contractual obligations relating to privacy, data security or Processing of Personal Information binding on the Company or Company Subsidiaries, and any applicable industry standards or self-regulatory standards relating to privacy or data security binding on the Company or Company Subsidiaries (collectively with Privacy and Data Security Laws, “Privacy and Data Security Obligations”). Except as, individually or in the aggregate, does not constitute a Material Adverse Effect, the Company and the Company Subsidiaries have a valid and legal right (whether contractually, by law, or otherwise) to access or use any and all Company Data (including any Personal Information contained therein) received, Processed, used or disclosed by or on behalf of the Company or the Company Subsidiaries in connection with the use or operation of its products, services and business. Except as, individually or in the aggregate, does not constitute a Material Adverse Effect, (a) the Company and Company Subsidiaries have provided any and all necessary notices, obtained any and all necessary consents or other forms of authorization required for the Processing of Personal Information, and honored any and all opt-out requests or privacy choices made by a Person in accordance with applicable Privacy and Data Security Obligations; and (b) the Company’s and Company Subsidiaries’ use of cookies or other forms of tracking technologies, including but not limited to session replay software, comply with and have at all times been maintained and made available to individuals in accordance complied with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the applicable Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no Obligations. Except as would not be material Legal Proceeding pending or, to the Company’s knowledgeCompany and its Subsidiaries, threatened taken as a whole, the Company and the Company Subsidiaries have not received any notification of any complaint, audit, investigation, inquiry, claim, suit, action or other legal proceeding asserted against or involving the Company or its the Company Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state officialPerson, (ii) any other Governmental authority, foreign or domestic Authority or (iii) any regulatory or self-regulatory entity) entity alleging that any Processing of Personal Data by activity or on behalf conduct of the Company or its the Company Subsidiaries is or was in violation of applicable Privacy and Data Security Obligations and have no Knowledge of any facts or circumstances that, individually or in the aggregate, would reasonably indicate material non-compliance of applicable Privacy Commitments. To and Data Security Obligations by the Company’s Knowledge, Company and Company Subsidiaries and there are no factspending, circumstances or conditions that would reasonably be expected to form nor have there been in the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior past three (3) years, (i) there has been no unauthorized access tocomplaints, actions, suits, audits, investigations, inquiries, claims, suits, actions or unauthorized use, disclosure, other proceedings by or Processing of Personal Data in the possession before any court or control of Governmental Authority or body threatened against the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“alleging non-compliance with any Privacy and Data Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of Obligations. Except as would not be material to the Company or any of and its Subsidiaries, taken as a whole, the Company and the Company Subsidiaries has notified or been required to notify any Person of any have at all times (A) lossimplemented and maintain a written information security program designed to protect and appropriate to the level of risk posed to Company Systems and Company Data (and any Personal Information contained therein), theft or damage of, or including against Security Events and (B) other unauthorized taken reasonable steps to ensure that any third party or unlawful subcontractor with access to, to any Company Systems or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), Company Data has implemented and (iii), maintain the same. Except as would not be material to the Company and its Subsidiaries, taken as a whole, the Company and the Company Subsidiaries, as part of its written information security program, have a established and maintain commercially reasonable information technology, information security, cyber security and data protection controls, policies and procedures (including incident response, disaster recovery and business continuity plans and procedures) consistent with industry practice and applicable Privacy and Data Security Obligations; and for the past three (3) years the Company Material Adverse Effect. Each Systems (I) have not experienced any material failure, breakdown, or other adverse event, (II) have been and are sufficient and adequate for the needs of the business of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error presently conducted and (iiIII) are in sufficiently good working condition to effectively perform all information technology operations and include sufficient licensed capacity (whether in terms of authorized sites, units, users, seats or otherwise), in each case, as necessary for the operation of businesses conduct of the business as currently conducted. To the Company’s knowledge there are no material bugs, backdoors, Trojan Horses, worms, spyware, viruses, malware, malicious computer code or other similar programs or defects in the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and Systems that would not reasonably be expected to because material harm or unauthorized disruption, individually access or in the aggregate, other breach to any Company System. Except as would not be material to the Company and its Subsidiaries, taken as a whole. In , to the prior three yearsCompany’s knowledge, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In for the past three (3) years, there (1) the Company and Company Subsidiaries have not been no subject to a cybersecurity breach, any loss, theft or misuse of, or any unauthorized access to, use, Processing or disclosure of Personal Information (except to the extent completely remediatedcollectively, “Security Event”), and to the Company’s Knowledge, there are (2) no material security deficiencies or vulnerabilities in circumstances have arisen that would require the Company IT Systemsor the Company Subsidiaries to notify a Governmental Authority or a Person of a Security Event.
Appears in 2 contracts
Sources: Senior Preferred Stock Purchase Agreement (SelectQuote, Inc.), Senior Preferred Stock Purchase Agreement (SelectQuote, Inc.)
Privacy and Data Security. (a) In the prior three (3) years, the Company Homology and its Subsidiaries have been in compliance complied with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation applicable terms of any Privacy Commitments that would be materially adverse Homology Contracts relating to the Company and its Subsidiariesprivacy, taken as a whole.
(b) In the prior three (3) yearssecurity, the Privacy and Data Security Policies have at all times been maintained and made available to collection or use of Personal Information of any individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company clinical trial participants, patients, patient family members, caregivers or its Subsidiaries advocates, physicians and other health care professionals, clinical trial investigators, researchers, pharmacists) that interact with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company Homology or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for connection with the operation of businesses of the Company Homology’s and its Subsidiaries (Subsidiaries’ business, except for ordinary wear and tear)such noncompliance as has not had, except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to behave, individually or in the aggregate, material a Homology Material Adverse Effect. To the Knowledge of Homology, Homology has implemented and maintains reasonable written policies and procedures, satisfying the requirements of applicable Privacy Laws and Homology Contracts, concerning the privacy, security, collection and use of Personal Information (“Homology Privacy Policies”) and has complied with the same, except for such noncompliance as has not to the Company Knowledge of Q32 had, and would not reasonably be expected to have, individually or in the aggregate, a Q32 Material Adverse Effect. To the Knowledge of Homology, as of the date hereof, no claims have been asserted or threatened against Homology by any Person alleging a violation of Privacy Laws, Privacy Policies and/or the applicable terms of any Homology Contracts relating to privacy, security, collection or use of Personal Information of any individuals and Homology has not received written notice of any of the same. To the Knowledge of Homology, there have been no data security incidents, personal data breaches or other adverse events or incidents related to Personal Information or Homology data in the custody or control of Homology or any service provider acting on behalf of Homology, in each case where such incident, breach or event would result in a notification obligation to any Person under applicable law or pursuant to the terms of any Homology Contract.
(b) The information technology assets and equipment of Homology and its Subsidiaries (collectively, “Homology IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of Homology and its Subsidiaries as currently conducted, and to the Knowledge of Homology, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. Homology and its Subsidiaries have implemented and maintain commercially reasonable physical, technical and administrative safeguards to protect Personal Information processed by or on behalf of Homology and its Subsidiaries, taken as a whole. In any other material confidential information and the prior three years, there have not been any material failures, breakdowns or continued substandard performance integrity and security of any Company Homology IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated used in the Ordinary Course of Business. In connection with their businesses, and during the past three (3) years, there have been no (breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systemsnotify any other Person.
Appears in 2 contracts
Sources: Merger Agreement (Homology Medicines, Inc.), Merger Agreement (Homology Medicines, Inc.)
Privacy and Data Security. (a) In During the prior past three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation knowledge of the transactions contemplated hereby or therebyCompany, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical materially complied with (i) applicable Privacy Laws; (ii) the Company’s publicly published and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards posted policies relating to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right Subsidiaries’ Processing of Personal Information; and (iii) applicable material terms of any Contracts relating to use the Company IT Systems as necessary to operate the business Processing of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are Personal Information (collectively, (i) free from any defect– (iii), bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear“Data Protection Requirements”), except in each case of clauses (i) and (ii)for such noncompliance as has not had, as is not and would not reasonably be expected to behave, individually or in the aggregate, a Company Material Adverse Effect. To the knowledge of the Company, during the past three (3) years, no material claims have been asserted or threatened in writing against the Company by any Person alleging a violation of the Data Protection Requirements. Except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption knowledge of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In Company, during the past three (3) years, there have been no material personal data breaches related to Personal Information in the custody or control of the Company requiring notifications to any individuals or authorities.
(except b) Except as would not reasonably be expected to have, individually or in the extent completely remediated)aggregate, a Company Material Adverse Effect, the information technology assets and equipment of the Company and its Subsidiaries (collectively, “Company IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its Subsidiaries as currently conducted, and to the knowledge of the Company’s Knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its Subsidiaries have implemented and maintain commercially reasonable physical, technical and administrative safeguards designed to protect Personal Information Processed by the Company and its Subsidiaries, and during the past three (3) years, to the knowledge of the Company, there are have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material security deficiencies cost or vulnerabilities in the Company IT Systemsliability.
Appears in 2 contracts
Sources: Merger Agreement (Kezar Life Sciences, Inc.), Merger Agreement (Aurinia Pharmaceuticals Inc.)
Privacy and Data Security. (a) In Except as would not reasonably be expected to be material to the prior three (3) yearsGroup Companies, taken as a whole, the Company and its Subsidiaries have been in compliance with Privacy LawsGroup Companies comply, and since January 1, 2018 have complied, in all material respects with all: (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and applicable Privacy Laws; (ii) applicable written policiesobligations imposed upon the Group Company regarding Personal Information under any Contracts; (iii) internal and public-facing privacy, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation data handling and/or data security policies of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation Group Company; and (iv) applicable data privacy rules of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeapplicable self-regulatory organizations.
(b) In To the prior three (3) yearsCompany’s knowledge, each of the Privacy Group Companies has established commercially reasonable technical and Data Security Policies have at all times been maintained organizational measures to safeguard the security, confidentiality, integrity and made available to individuals availability of IT Assets and Personal Information, in its possession, custody, or under its control, in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Dataapplicable laws.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to To the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including : (i) no Group Company has suffered any material security breach with respect to any Personal Information and/or with respect to the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) IT Assets and there has been no material misuse of, or unauthorized Processing of, access to, or unauthorized usedisclosure of, disclosure, or Processing of any Personal Data Information in the possession possession, custody, or control of the Company or its Subsidiaries or any of its contractors with regard to any the Group Companies or Processed by the Group Companies (each, a “Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security IncidentInformation Breach”), ; (ii) there none of the Group Companies have been no unauthorized intrusions experienced any information security incidents that have materially compromised the integrity or breaches availability of security into any Company the IT Systems, Assets or the data thereon; and (iii) none of the Company or any of its Subsidiaries has notified or Group Companies have been legally required to notify provide any notices to any Person as a result of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal DataInformation Breach.
(ed) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems Except as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, be material to the Company and its SubsidiariesGroup Companies, taken as a whole. In , the prior three yearsCompany warrants that, there since January 1, 2018, each of the Group Companies ensure all cross border transfers of Personal Information are compliant with applicable Privacy Laws in all material respects.
(e) Except as would not reasonably be expected to be material to the Group Companies, taken as a whole, the Company warrants that, since January 1, 2018, each of the Group Companies which have distributed marketing communications to any Person are compliant with applicable Privacy Laws in all material respects.
(f) The Group Companies have not been intentionally sold or rented and are not sharing or renting to third parties any material failures, breakdowns or continued substandard performance Personal Information.
(g) None of the Group Companies has received any written notice of any Company IT Systems that have caused a material failure claims, investigations, or disruption alleged violations of Privacy Laws with respect to Personal Information possessed by the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT SystemsGroup Companies.
Appears in 2 contracts
Sources: Business Combination Agreement (Valens Semiconductor Ltd.), Business Combination Agreement (PTK Acquisition Corp.)
Privacy and Data Security. (a) In The Company and the prior three Company Subsidiaries comply, and have since January 1, 2015, complied, in all material respects, with all (3A) yearsapplicable laws, statutes, directives, rules and regulations, (B) contractual obligations (including, but not limited to, those with identified customers), (C) internal and public-facing privacy, data handling and/or security policies of the Company and its the Company Subsidiaries, (D) public statements that the Company and the Company Subsidiaries have been in compliance with Privacy Lawsmade regarding their respective privacy, data handling and/or data security policies or practices, (E) the Payment Card Industry — Data Security Standards and in all material respects with (iF) Contracts (or portions thereof) between rules of applicable self-regulatory organizations to which the Company or its and the Company Subsidiaries and other Persons purport to be bound, relating to (x) the privacy of users of any web properties, products and/or services of the Company and the Company Subsidiaries; (y) the collection, use, storage, retention, disclosure, transfer, disposal, or any other processing of any Personal Data Information collected or used by the Company and the Company Subsidiaries and/or by third parties having access to such information; and (iiz) applicable written policiesthe transmission of marketing and/or commercial messages through email ((A) through (E) collectively, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Company Privacy Laws and such Contracts, “Privacy CommitmentsRequirements”). The execution, delivery and performance of this Agreement by the Company of this Agreement to which and the Company is or will be a party, Subsidiaries complies in all material respects with all Company Privacy Laws and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeRequirements.
(b) In The Company maintains privacy policies that describe the prior three (3) years, the Privacy Company’s and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries Subsidiaries’ policies with respect to the Processing collection, use, storage, retention, disclosure, transfer, disposal or other processing of Personal Data conform Information. True and correct copies of such privacy policies have been made available to Parent or its Representatives. To the Knowledge of the Company, each such privacy policy has, since January 1, 2015, included all information and made all disclosures to users or customers required by all Company Privacy Laws and Requirements, and none of such disclosures made or contained in all any such privacy policy or in any such materials has been inaccurate in any material respects to the respect, misleading or deceptive or in violation of any Company Privacy Laws and Data Security Policies that govern such Personal DataRequirements.
(c) There is (and in To the prior three years there has been) no material Legal Proceeding pending or, to Knowledge of the Company’s knowledge, threatened against there is no written complaint to, or involving any audit, formal proceeding, or suit currently pending against, the Company or its and the Company Subsidiaries initiated by any Person (including (i) private party, the Federal Trade Commission, any state attorney general or similar state official, (ii) or any other Governmental authorityEntity, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of domestic, with respect to the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledgecollection, there are no factsuse, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized useretention, disclosure, transfer, storage or Processing disposal of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”)Information, (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), except as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to benot, individually or in the aggregate, reasonably be expected to be material to the Company and its the Company Subsidiaries, taken as a whole. In The Company and the prior three yearsCompany Subsidiaries have, there have not been any material failuressince January 1, breakdowns 2015, taken commercially reasonable steps (including implementing and monitoring compliance with reasonable measures with respect to technical and physical security) designed to protect Personal Information against loss and against unauthorized access, use, modification, disclosure or continued substandard performance of other misuse.
(d) To the extent that Company or any Company IT Systems that Subsidiary transfers Personal Information collected from natural persons outside of the United States, Company has implemented mechanisms to comply in all material respects with applicable Company Privacy Laws and Requirements.
(e) The Company and the Company Subsidiaries have caused established and are in material compliance with a material failure or disruption written information security program that: (i) includes administrative, technical and physical safeguards designed to safeguard the security, confidentiality, and integrity of Personal Information; and (ii) is designed to protect against unauthorized access to the Company IT Systems other than routine failures or disruptions Personal Information and the systems of any third party service providers that have been remediated access to Company IT Systems and/or Personal Information. Except as set forth in Section 3.18(e) of the Company Disclosure Letter, neither the Company nor any of the Company Subsidiaries have, since January 1, 2015, suffered any material loss, damage, or unauthorized access, disclosure, use or breach of security with respect to any Personal Information in the Ordinary Course control or possession of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systemsor any Company Subsidiary.
Appears in 2 contracts
Sources: Merger Agreement (Twilio Inc), Merger Agreement (SendGrid, Inc.)
Privacy and Data Security. (a) In None of the prior three Company or any of its affiliates is a “covered entity” or is engaging in activities that make it a “business associate” as those terms are defined in the Health Insurance Portability and Accountability Act and the regulations promulgated thereunder and codified at 45 C.F.R. Parts 160 and 164 (3) yearscollectively, “HIPAA”). Since, January 1, 2020, the Company and its Subsidiaries have the Company Subsidiary has been in compliance with applicable Privacy Laws and, to the knowledge of the Company, the Company is not under investigation by any Governmental Entity for a violation of such Privacy Laws, except, in each case, as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect.
(b) At all times since January 1, 2020, the Company and in all material respects with (i) Contracts (Company Subsidiary have provided appropriate notice and obtained any necessary consents from Persons required for the processing of Personal Data as conducted by or portions thereof) between for the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policiesthe Company Subsidiary, public statements and other public representations relating in each case to the Processing of Personal Data, inclusive of all disclosures extent required by applicable Privacy Laws Laws, except where the failure to do so would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. The Company and the Company Subsidiary have in place all legally required, and have complied in all respects with each of their respective, written and published policies and procedures concerning the privacy and security of Personal Data (the “Privacy and Data Security Policies,” and together with ”), except where the failure to do so would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. Since January 1, 2020, neither the Company nor the Company Subsidiary have received, in writing, any asserted or threatened claims by any Person alleging a violation of Privacy Laws and/or Privacy Policies. To the knowledge of the Company, the Transactions and such Contracts, “Privacy Commitments”). The the execution, delivery and performance by the Company of this Agreement to which the Company is will not cause, constitute or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a breach or violation of any applicable Privacy Commitments that Law or Privacy Policies, except where such failure to comply would not reasonably be materially adverse expected to have, individually or in the aggregate, a Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal DataMaterial Adverse Effect.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending orAt all times since January 1, to the Company’s knowledge2020, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) and the Federal Trade CommissionCompany Subsidiary have maintained a commercially reasonable information security program in accordance with applicable Privacy Laws in all material respects. The Company has implemented at all times since January 1, any state attorney general or similar state official2020, (ii) any other Governmental authoritycommercially reasonable administrative, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of technical, and physical security measures with respect to Personal Data and other confidential data collected by or on behalf of the Company or its Subsidiaries is the Company Subsidiary and the networks, equipment, software, and other systems and assets of the Company and the Company Subsidiary. Since January 1, 2020, neither the Company nor the Company Subsidiary have experienced any security breach or was in violation of cyber security event, including, without limitation, any Privacy Commitments. To the Company’s Knowledgetheft, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access toloss, or unauthorized use, disclosure, access or Processing acquisition of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (each, a “Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against except for any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and Incidents that would not reasonably be expected to behave, individually or in the aggregate, material to the a Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT SystemsMaterial Adverse Effect.
Appears in 2 contracts
Sources: Merger Agreement (Indivior PLC), Merger Agreement (Indivior PLC)
Privacy and Data Security. (a) In To the prior three (3) yearsKnowledge of the Company, as of the Company and its Subsidiaries have been in compliance with Privacy Lawsdate hereof, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policiesat no time since April 30, public statements and other public representations relating 2017 to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company date of this Agreement to which the Company is or will be a partyAgreement, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation has there been any material data security breach of any Privacy Commitments that would be materially adverse to the Company and its SubsidiariesBusiness IT Assets or material unauthorized access, taken as a whole.
(b) In the prior three (3) yearsuse, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Lawsor disclosure of any Personal Information owned, are accurate and complete and are not misleading used, maintained, received, or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data controlled by or on behalf of the Company or its Subsidiaries is any Company Subsidiary, including any unauthorized access, use or was in violation disclosure of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions Personal Information that would reasonably be expected constitute a breach, in each case, for which notification to form the basis for individuals or Governmental Authorities is required under any proceeding for any potential violation of any applicable Information Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, and Security Laws or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard Contracts to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of which the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have Company Subsidiary is a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Dataparty.
(eb) Each of Except for matters which, individually or in the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defectaggregate, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is have not had and would not reasonably be expected to behave a Company Material Adverse Effect, the Company’s and each Company Subsidiary’s collection, maintenance, transmission, transfer, use, disclosure, storage, disposal and security of Personal Information has complied in all material respects since April 30, 2017 to the date of this Agreement with (i) Information Privacy and Security Laws, (ii) Contracts to which the Company or any Company Subsidiary is a party that govern that Personal Information, and (iii) applicable privacy policies or disclosures posted to websites maintained by the Company or any Company Subsidiary that govern Personal Information processed by the Company or the Company Subsidiary (the “Privacy Policies”). Since April 30, 2017 to the date of this Agreement, no suit, claim, action, proceeding, arbitration, mediation or, to the Knowledge of the Company, investigation is pending or, to the Knowledge of the Company, threatened in writing against the Company or any Company Subsidiary relating to the processing or security of Personal Information, except as would not individually or in the aggregate, reasonably be expected to result in material liability to the Company and its the Company Subsidiaries.
(c) Included in the Business IT Assets are standalone databases which contain a records of known customers of any of the product or service offerings of the businesses conducted by the Company and the Company Subsidiaries, taken as a whole. In all of which are free and clear of all restrictions or limitations on the prior three years, there have not been any use of such databases in all material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems respects other than routine failures restrictions or disruptions that have been remediated in limitations required under applicable Law, or the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies Privacy Policies or vulnerabilities in the Company IT Systemsother contractual commitments under which such information as collected.
Appears in 2 contracts
Sources: Merger Agreement (Vail Resorts Inc), Merger Agreement (Peak Resorts Inc)
Privacy and Data Security. (a) In Except as has not had and would not reasonably be expected to have, individually or in the prior three aggregate, a Company Material Adverse Effect, (3i) years, the Company and its Subsidiaries have been at all times in compliance with Privacy Lawsthe prior three years complied, and in presently comply, with all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries applicable Privacy Legal Requirements, and other Persons relating to Personal Data their own respective privacy policies, terms of use and contractual obligations and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement and its Subsidiaries have taken appropriate actions (including reasonable and appropriate administrative, technical and physical safeguards) to which protect Personal Information in their possession or under their control against unauthorized or unlawful access, use, modification, disclosure or other misuse.
(b) Except as has not had and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect (i) in the prior three years neither the Company is or will be a party, and the consummation nor any of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in its Subsidiaries has received any written notice from any applicable Governmental Entity alleging a violation of any Privacy Commitments that would be materially adverse to Legal Requirements by the Company and or any of its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of nor has the Company or any of its Subsidiaries been threatened in writing to be charged with respect any such violation by any Governmental Entity; (ii) no claims have been asserted or threatened against the Company or any of its Subsidiaries (and to the Processing knowledge of Personal Data conform in all material respects the Company, no such claims are likely to be asserted or threatened) by any Person alleging a violation of such Person’s privacy, personal or confidentiality rights under any Privacy Legal Requirements, or the Company’s privacy policies, terms of use or contractual obligations and (iii) to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and Knowledge of the Company, in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access touse, or unauthorized useaccess, disclosure, or Processing other security incident of or involving Personal Data Information in the possession of or under the control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal DataSubsidiaries.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Appears in 2 contracts
Sources: Merger Agreement (Kimball International Inc), Merger Agreement (Kimball International Inc)
Privacy and Data Security. (a) In the prior three (3) yearsExcept as set forth on Schedule 4.20(a), the Company VH Companies are and its Subsidiaries since the Lookback Date, have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”)Protection Requirements. The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are by this Agreement will not reasonably expected to, directly or indirectly, result in a any material violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeData Protection Requirement.
(b) In To the prior three (3) yearsKnowledge of the Company, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform VH Companies meet in all material respects the rules regarding the security of electronic Protected Health Information (otherwise known as the HIPAA Security Rule) applicable to its respective businesses and operations. The VH Companies maintain in all material respects: (i) administrative, technical, and physical safeguards reasonably designed to safeguard in all material respects the Privacy security, confidentiality, availability and integrity of Personal Information; and (ii) records reflecting applicable security program documents, including an information security policy, disaster recovery and business continuity plan, incident response policy, encryption standards and other computer security protection policies and procedures. The VH Companies require third parties that process Personal Information on behalf of the VH Companies to comply in all material respects with applicable Data Security Policies that govern Protection Requirements with respect to such Personal DataInformation.
(c) There Since the Lookback Date, the Company has not received any written notice from a Governmental Body that a claim has been filed, investigation has been initiated or Action is pending against the Company by such Governmental Body concerning an alleged violation of the Privacy Laws that, in each case, would be material to the VH Companies (and in the prior three years there has beentaken as a whole) no material Legal Proceeding pending orand, to the Knowledge of the Company’s knowledge, no such claim, investigation or Action by a Governmental Body has been threatened against or involving concerning an alleged violation of the Privacy Laws that, in each case, would be material to the VH Companies (taken as a whole).
(d) To the Knowledge of the Company, neither the Company or its Subsidiaries initiated by nor any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of third party processing Personal Data by or Information on behalf of the Company has experienced any failures, crashes, security breaches, unauthorized access, use, acquisition, or disclosure, or other adverse events or incidents related to Personal Information or its Subsidiaries is information technology systems that would require notification of individuals, law enforcement, or was any Governmental Body, any remedial action under any applicable Data Protection Requirement or that have caused any substantial disruption of or interruption in violation the use of the Company’s software, equipment or systems, except for any Privacy Commitmentssuch failure, crash, security breach, unauthorized access, use, acquisition, disclosure or other adverse event or incident that would not be material to the VH Companies (taken as a whole). To the Knowledge of the Company’s Knowledge, there are no factspending or expected complaints, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) yearsactions, (i) there has been no unauthorized access tofines, or other penalties facing the Company in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or Processing of Personal Data in the possession other adverse events or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, exceptincidents, in each case of clauses (i)case, (ii), and (iii), as that would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, VH Companies (taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Appears in 1 contract
Sources: Merger Agreement
Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), Except as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to benot, individually or in the aggregate, reasonably be expected to be material to the Company, each Acquired Company is, and at since the Reference Date has been, in compliance with all (i) applicable Laws pertaining to data protection, data privacy, data security and data breach notification in the United States and elsewhere in the world, including, as applicable, the EU’s General Data Protection Regulation (collectively, “Privacy Laws”); (ii) the Acquired Company’s published policies or notices relating to the Acquired Company’s collection, use, storage, disclosure, processing, handling, protection, or cross-border transfer (“Processing”) of Personal Information; (iii) terms of any material Contracts to which any Acquired Company is bound relating to the Processing of Personal Information; and (iv) industry standards and/or codes-of-conduct to which the Company and/or any of its Subsidiaries are bound relating to the Company’s or any of its Subsidiaries’ Processing of Personal Information (collectively, taken “Privacy Requirements”).
(b) Except as a whole. In would not, individually or in the prior three yearsaggregate, there have not been reasonably be expected to be material to the Company, since the Reference Date, no Acquired Company has received any material failuressubpoenas, breakdowns demands, or continued substandard performance other written notices from any Governmental Body or other entity investigating, inquiring into, or otherwise relating to any actual violation of any Privacy Laws. The Company IT Systems that have caused a material failure is not under investigation by any Governmental Body or disruption other entity for any actual violation of any Privacy Laws.
(c) Each Acquired Company has taken commercially reasonable steps designed to protect (i) the operation, confidentiality, integrity, and security of the Company Acquired Company’s software, systems, and websites (“IT Systems other than routine failures or disruptions Assets”) that have been remediated are involved in the Ordinary Course Processing of Business. In Personal Information, and (ii) Personal Information in the past three Acquired Company’s possession and/or control from unauthorized use, access, disclosure, deletion, and/or modification.
(3d) yearsExcept as would not, there have been no (except individually or in the aggregate, reasonably be expected to be material to the extent completely remediated)Company, since the Reference Date, and to the Knowledge of the Company’s Knowledge, no Acquired Company has experienced any failures; crashes; security incidents; data breaches; unauthorized access, use, or disclosure; or other adverse events or incidents related to Personal Information that would require notification of individuals, law enforcement, any Governmental Body, customers, vendors, or any others under any applicable Privacy Laws. To the Knowledge of the Company, there are no material pending complaints, Actions, fines, or other penalties facing any Acquired Company in connection with any such failures; crashes; security deficiencies incidents; data breaches; unauthorized access, use, or vulnerabilities in the Company IT Systemsdisclosure.
Appears in 1 contract
Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), Except as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to benot, individually or in the aggregate, material reasonably be expected to have a Company Material Adverse Effect, the Company complies and has for the past three (3) years complied with applicable Privacy Laws, its SubsidiariesPrivacy Policies, taken as a wholethe applicable terms of any Company Contracts relating to privacy, security, collection or use of Personal Information and all applicable requirements of industry standards or codes of conduct that concern the privacy or security of Personal Information and that are binding upon the Company (all of the foregoing, collectively, “Privacy Requirements”). The Company has, for the past three (3) years, used commercially reasonable methods and technology to secure Company IT Systems, all Personal Information and other material Company data and information from loss, theft, unauthorized access, use, acquisition of, disclosure of, processing of, or modification, which methods and technology comply in all material respects with applicable Privacy Requirements. To the extent required under applicable Privacy Laws, the Company has contractually obligated third parties that process Personal Information on behalf of the Company to comply in all material respects with applicable Privacy Laws and to protect the privacy, security and confidentiality of all Personal Information. To the Knowledge of the Company, such third parties, in their provision of services to Company, have not failed to comply in any material respect with relevant contracts. In the prior past three (3) years, there no claims have not been asserted or threatened against the Company by any material failures, breakdowns or continued substandard performance Person alleging a violation of any Company IT Systems that have caused a material failure Privacy Requirements, except as would not reasonably be expected to have, individually or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Businessaggregate, a Company Material Adverse Effect. In the past three (3) years, there have been no (except to data security incidents or data breaches affecting the extent completely remediated)Company IT Systems or any Personal Information that has been collected, and to maintained, processed or stored by or on behalf of the Company that would require notification of individuals, law enforcement, or any Governmental Authority under any applicable Privacy Law. Neither the execution of this Agreement nor the performance of the Company’s Knowledgeobligations under this Agreement will violate any applicable Privacy Requirements in any material respect.
(b) To the Knowledge of the Company, there no Company IT System contains any “back door,” “drop dead device,” “time bomb,” “Trojan horse,” “virus,” “worm,” “spyware” or “adware” (as such terms are no material commonly understood in the software industry) or any other code designed or intended to have or capable of performing or facilitating, any of the following functions: (i) disrupting, disabling, harming or otherwise impeding in any manner the operation of, or providing unauthorized access to, a computer system or network or other device on which such code is stored or installed; or (ii) compromising the privacy or data security deficiencies of a user or vulnerabilities in damaging or destroying any data or file without the user’s consent (collectively, “Malicious Code”). The Company has implemented, and the Company maintains, commercially reasonable measures to prevent the introduction of Malicious Code into the Company IT Systems, including firewall protections and regular virus scans and for taking and storing on-site and off-site back-up copies of Company software and critical data.
Appears in 1 contract
Privacy and Data Security. (a) In the prior three (3) yearsSince January 1, 2015, the Company Acquired Companies and its Subsidiaries Seller Group (to the extent relating to the EIS Business) have been in compliance with Privacy Laws, and complied in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data applicable provisions of the Privacy Laws and (ii) applicable written policies, public statements and other public representations all material contractual requirements including material “business associate” requirements or “subcontractor business associate” requirements relating to the Processing privacy, publicity, data protection and processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws Information (“Privacy the foregoing privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, security requirements collectively referred to as the “Privacy Commitments”). The execution, delivery EIS Business’ products and performance by services are capable of being used in a manner that is compliant in all material respects with the Company of this Agreement to which the Company is or will be a partyPrivacy Commitments. The EIS Business has adopted, and has in the consummation of the transactions contemplated hereby or therebypast and is currently in material compliance with, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company written privacy and its Subsidiaries, taken as a wholesecurity and compliance policies and procedures.
(b) In Since January 1, 2015, to the prior three (3) yearsKnowledge of the Seller Group, the Privacy Acquired Companies and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive the Seller Group (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform extent related to the EIS Business) have complied in all material respects with all contractual and fiduciary obligations relating to the privacy, publicity, data protection and processing of Personal Information. Since January 1, 2015, the Acquired Companies and the Seller Group (to the extent related to the EIS Business) have employed commercially reasonable efforts to comply with all of its privacy and security policies and notices and the internal rules, policies and procedures established by the Acquired Companies or the Seller Group (to the extent related to the EIS Business) (collectively, the “Privacy and Data Security Policies that govern such Personal DataPolicies”).
(c) There is The Acquired Companies and the Seller Group (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledgeextent related to the EIS Business) have taken commercially reasonable measures to ensure that Personal Information is protected against loss, threatened theft and against unauthorized access, use, modification, disclosure, or involving the Company or its Subsidiaries initiated by any Person (including (iother misuse. Except as set forth in Section 2.17(c) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company Seller Disclosure Schedule, none of the Acquired Companies or its Subsidiaries members of the Seller Group (to the extent related to the EIS Business) has experienced or reported any incident in which any Personal Information was subject to an unauthorized access, use, modification, disclosure or other misuse which would constitute a “Breach” of “Unsecured Protected Health Information,” as such terms are defined at 45 C.F.R. § 164.402, or any use, disclosure, access or acquisition of “Protected Health Information” as such term is or was defined at 45 C.F.R. § 160.103, in violation of HIPAA, HITECH or the HIPAA Rules, that would trigger a requirement to notify any Privacy Commitments. To the Company’s KnowledgeGovernmental Entity, there are no factsor that otherwise has resulted in, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation result in a material Liability of any Privacy CommitmentsAcquired Company.
(d) In With respect to the prior three information technology and computer systems (3including information technology and telecommunication hardware, communications networks and data centers) yearsrelating to the transmission, storage, maintenance, organization, presentation, generation, processing or analysis of data and information (including Personal Information) whether or not in electronic format, primarily used by the EIS Business (the “IT Systems”): (i) there has have been no successful unauthorized access to, intrusions or unauthorized use, disclosure, or Processing of Personal Data in the possession or control breaches of the Company or its Subsidiaries or any of its contractors with regard security thereof except as would not reasonably be expected to any Personal Data obtained from or on behalf of be material to the Company or its Subsidiaries (“Security Incident”)EIS Business, (ii) there have has not been no unauthorized intrusions any material malfunction thereof that has not been remedied or breaches of security into replaced in all material respects, or any Company IT Systemsmaterial unplanned downtime or service interruption thereof, and (iii) none the EIS Business has, to the Knowledge of the Company Seller Group, implemented or any is in the process of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented implementing commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards measures in accordance with industry practice to protect the confidentiality, integrity and security of Personal Data its servers, systems, sites, circuits, networks and other computer and telecommunications assets and equipment (and all information and transactions stored or contained therein or transmitted thereby) against any Security Incidentunauthorized use, access, interruption, modification or corruption, in conformance with applicable industry practices, including taking all reasonable steps without limitation security patches or security upgrades that are generally available therefor, and (iv) to safeguard and back up Personal Data.
(e) Each the Knowledge of the Company and its Subsidiaries owns Seller Group, no third party providing technology services to the EIS Business has failed to meet any material service obligations. The EIS Business has implemented or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company process of implementing reasonable backup and its Subsidiaries, taken as a wholerecovery technology processes consistent with industry standard practices. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three The Seller Group (3) years, there have been no (except to the extent completely remediated)relating to the EIS Business) has established and is in material compliance with an information security program that: (w) includes administrative, technical and physical safeguards designed to safeguard the security, confidentiality, and integrity of EIS Business data and Personal Information; (x) is designed to protect against unauthorized access to the Company’s KnowledgeIT Systems and Personal Information of the EIS Business; (y) satisfies the Privacy Laws and Privacy Commitments; and (z) includes breach notification policies and procedures to provide notice to Persons regarding information security incidents involving acquisition, there are no material security deficiencies access, loss, theft, use or vulnerabilities disclosure of Personal Information in the Company IT Systemsan unauthorized manner.
Appears in 1 contract
Sources: Purchase Agreement (Allscripts Healthcare Solutions, Inc.)
Privacy and Data Security. (a) In The Company and each of its Subsidiaries (i) is and, since January 1, 2011, has been, in compliance in all material respects with all Privacy Laws governing the prior three receipt, collection, use, storage, processing, sharing, security disposal, disclosure, or transfer of Personal Information that is collected or possessed by or otherwise subject to the control of the Company’s or its Subsidiaries’ policies regarding privacy and data security, including all privacy policies and similar disclosures published on the Company’s or its Subsidiaries’ websites or otherwise communicated to third parties, and (3ii) years, has implemented and maintained measures sufficient to provide reasonable assurance that the Company and its Subsidiaries have been comply with such Privacy Laws and that neither the Company nor its Subsidiaries will acquire, fail to secure, share or use such Personal Information in compliance a manner inconsistent with (A) such Privacy Laws, and in all material respects with (iB) Contracts any notice to or consent from the provider of Personal Information, (C) any policy adopted by the Company or portions thereofits Subsidiaries, (D) between any Contract to which the Company or its Subsidiaries and other Persons relating are party that is applicable to such Personal Data Information, and (iiE) applicable written policies, public statements and other public representations relating any privacy policy or privacy statement from time to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance time published or otherwise made available by the Company of this Agreement or its Subsidiaries to which the Company is or will be a party, and Persons to whom the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse Personal Information relates.
(b) With respect to all Personal Information collected by the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have such Person has at all times been maintained taken steps required and made available reasonably necessary to individuals in accordance protect such Personal Information against loss and against unauthorized access, use, modification, disclosure or other misuse, including implementing and monitoring compliance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries measures with respect to the Processing technical and physical security of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (Information. The Company and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or each of its Subsidiaries initiated has commercially reasonable safeguards in place to protect Personal Information in its possession or control from unauthorized access or disclosure, including by any Person (including (i) the Federal Trade Commissionits officers, any state attorney general or similar state officialemployees, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitmentsindependent contractors and consultants. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there There has been no unauthorized access to, or unauthorized use, disclosuredisclosure of, or Processing other misuse of any Personal Data in Information.
(c) Neither the possession Company nor its Subsidiaries has received any written notice of any claims, investigations, or alleged violations of Privacy Laws with respect to Personal Information collected or possessed by or otherwise subject to the control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal DataCompany.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Appears in 1 contract
Sources: Purchase Agreement (Ezcorp Inc)
Privacy and Data Security. (a) In The Target Companies, and, to Knowledge of the prior Company, all vendors, processors, or other third parties acting for or on behalf of a Target Company in connection with the Processing of Personal Information or that otherwise have been authorized to have access to Personal Information in the possession or control of the Target Companies, comply and at all times in the past three (3) yearsyears have complied, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with all of the following: (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and Privacy Laws; (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Company Privacy and Data Security Policies,” ; and together with Privacy Laws and such Contracts, (iii) any Contract requirements or terms of use concerning the Processing of Personal Information to which a Target Company is a party or otherwise bound as of the date hereof (“Privacy CommitmentsAgreements”). To the Knowledge of the Company, the operation of the business of the Target Companies has not and does not violate any right to privacy or publicity of any third person under applicable Law.
(b) The execution, delivery delivery, and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby do not and will not: (i) conflict with or thereby, are not reasonably expected to, directly or indirectly, result in a violation or breach of any Privacy Commitments that would be materially adverse to the Laws, Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have (as currently existing or as existing at all times been maintained and made available any time during which any Personal Information was collected or Processed by or for the Target Companies, or Privacy Agreements); or (ii) require the consent of or notice to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of any Person concerning such Person’s Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal DataInformation.
(c) There is (The Company has delivered or made available to SPAC true, complete, and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the correct copies of all Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Privacy and Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy CommitmentsSecurity Policies.
(d) In To the prior three (3) yearsKnowledge of the Company, (i) there no Person has been no obtained unauthorized access to, or unauthorized use, disclosure, or Processing of to Personal Data Information in the possession or control of a Target Company, nor has there been any other material compromise of the Company security, confidentiality or its Subsidiaries integrity of such information or any of its contractors with regard data, and no written or, to any Personal Data obtained from or on behalf the Knowledge of the Company, oral complaint relating to an improper use or disclosure of, or a breach in the security of, any such information or data has been received by a Target Company or its Subsidiaries (a “Security Incident”). The Target Companies have not notified and, (ii) to Knowledge of the Company, there have been no unauthorized intrusions facts or breaches of security into circumstances that would require a Target Company to notify, any Company IT Systems, and (iii) none of the Company Governmental Authority or any of its Subsidiaries has notified or been required to notify any other Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, the Target Companies have not received any notice, request, claim, complaint, correspondence, or other communication in writing from any Governmental Authority or other Person, and there have has not been no any audit, investigation, enforcement action (except including any fines or other sanctions), or other Action, (i) relating to any actual, alleged, or suspected Security Incident or violation of any Privacy Agreements, or any Person’s individual privacy rights involving Personal Information in the possession or control of the Target Companies, or held or Processed by any vendor, processor, or other third party for or on behalf of the Target Companies; (ii) prohibiting or threatening to prohibit the transfer of Personal Information to any place; or (iii) permitting or mandating any Governmental Authority to investigate, requisition information from, or enter the premises of, the Target Companies, and, to the extent completely remediated), and to Knowledge of the Company’s Knowledge, there are no material security deficiencies facts or vulnerabilities circumstances that would reasonably be expected to give rise to any of the foregoing.
(f) Each Target Company has at all times in the past three (3) years implemented and maintained, and required all vendors, processors, or other third parties that Process any Personal Information for or on behalf of the Target Companies to implement and maintain, commercially reasonable security measures, plans, procedures, controls, and programs consistent with Privacy Agreements.
(g) The Company IT Systemsmaintains a cyber insurance policy that is adequate and suitable for the nature and volume of Personal Information Processed by or on behalf of the Target Companies and is sufficient for compliance with all applicable Laws and Contracts to which any of the Target Companies is a party or by which it is bound. The Company has delivered or made available to SPAC a true, complete, and correct copy of such cyber insurance policy.
Appears in 1 contract
Sources: Business Combination Agreement (Willow Lane Acquisition Corp.)
Privacy and Data Security. (i) The Company and its Subsidiaries have (i) complied in all material respects with its applicable privacy and data protection policies, procedures, and applicable Information Privacy and Security Laws with respect to Personal Data that is accessed, collected, possessed by or otherwise subject to the use or control of the Company or any of its Subsidiaries; (ii) implemented and maintained measures, including appropriate technical, physical and administrative safeguards, sufficient to ensure that the Company and its Subsidiaries and the operation of the businesses of the Company and its Subsidiaries materially complies with (a) In applicable Information Privacy and Security Laws, (b) any notice to or consent from the prior three individual to whom the Personal Data relate(s) (3“Data Subjects”), (c) yearsany policy adopted by the Company or any of its Subsidiaries, (d) any Company Material Contract made by any of the Company or its Subsidiaries that is applicable to such Personal Data or (e) any information technology or privacy policy or privacy statement from time to time published or otherwise made available to Data Subjects and (iii) in connection with each third party servicing, outsourcing or similar arrangement involving Personal Data used, processed, stored, transferred, collected or otherwise exploited in connection with the businesses of the Company and its Subsidiaries, contractually obligated any such third party service provider to (w) comply with the applicable Information Privacy and Security Laws with respect to Personal Data, (x) protect and secure from loss or damage, unauthorized access, use, disclosure or modification, or any other misuse of Personal Data, (y) restrict use of Personal Data to those authorized or required under the servicing, outsourcing or similar arrangement and (z) certify or guarantee the return or adequate disposal of Personal Data. The Company and its Subsidiaries have the right (and upon consummation of this Agreement will have the right) to use all of the Personal Data in each of its databases in the operation of the business conducted by the Company and its Subsidiaries. Except for disclosures of Personal Data required or permitted by applicable Legal Requirements, or authorized by a Data Subject or other party authorized to permit disclosure, the Company and its Subsidiaries have not sold, leased, transferred or otherwise made available to third parties any Personal Data. The execution of this Agreement and the consummation of the transactions contemplated hereby do not violate any privacy policy, Company Material Contract or Information Privacy and Security Laws. For the avoidance of doubt, the term “privacy” as used in this Section 7K includes the concepts of data protection and data security.
(ii) The Company and each of its Subsidiaries is in and, since the date compliance became required, has been in compliance in all material respects with, the applicable requirements of HIPAA, state privacy laws and other Legal Requirements applicable to the privacy and security of Personal Data. When acting as a Business Associate of a Covered Entity or as a Subcontractor of a Business Associate (such terms as defined by HIPAA), the Company and its Subsidiaries have in effect agreements with Privacy Lawseach such Covered Entity and Business Associate, as applicable, that satisfy the requirements of HIPAA in all material respects (“BA Agreements”). Except as disclosed in Section 7K(ii) of the Company Disclosure Letter, the Company and its Subsidiaries have in effect with each entity acting as a Business Associate or Subcontractor (as defined in HIPAA) of the Company, an agreement that satisfies the requirements of HIPAA in all material respects (“Vendor BA Agreements”).
(iii) The Company and each of its Subsidiaries is, and has been, in compliance in all material respects with (i) Contracts (all contracts or portions thereof) other arrangements in effect between the Company and its customers that apply to or its Subsidiaries and other Persons relating to restrict the use, disclosure or security of Personal Data Data, including BA Agreements; and (ii) applicable written policies, public statements all contracts or other arrangements between the Company and vendors and other public representations relating business partners that apply to or restrict the Processing use, disclosure or security of Personal Data by such vendors and other business partners, including Vendor BA Agreements (such contracts or other arrangements referenced in clauses (ii) and (iii) collectively referred to as “Privacy Agreements”). To the extent required by applicable Legal Requirements, the Company and its Subsidiaries have in place, and has complied and is in compliance in all material respects with, written policies to protect the security and privacy of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The Company and its Subsidiaries have the right pursuant to the Privacy Agreements and its privacy and security policies to use and disclose Personal Data for the purpose such information is and has been used and disclosed. Neither the execution, delivery and or performance by the Company of this Agreement to which the Company is or will be a partyany Transaction Document, and nor the consummation of any of the transactions contemplated hereby by this Agreement, including the Merger, or therebyany Transaction Document, are not reasonably expected toincluding the direct or indirect transfer of Personal Data resulting from such transactions, directly will violate any of the Company’s or indirectly, result in a violation of its Subsidiaries’ policies or any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeAgreements.
(biv) In the prior three (3) yearsThe Company and each of its Subsidiaries have maintained, the Privacy commercially reasonable physical, technical, organizational and administrative security safeguards designed to protect all Personal Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required collected by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform from and against unauthorized access, use and/or disclosure and that comply in all material respects to the with all Privacy Agreements and Data Security Policies that govern such applicable Legal Requirements regarding Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to . To the Company’s knowledge, threatened against or involving no Person has submitted a written request to the Company to withdraw his or its Subsidiaries initiated by her consent to any Person (including (i) the Federal Trade Commission, any state attorney general use or similar state official, (ii) any other Governmental authority, foreign processing of his or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of her Personal Data or submitted a written request for erasure of their Personal Data by the Company in the three (3) years prior to the date of this Agreement where the Company has not complied with such request.
(v) Except as set forth on Section 7K(v) of the Company Disclosure Letter, there have not been any material non-permitted uses or disclosures, material security incidents, or material breaches involving Personal Data held or collected by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of Subsidiaries. Neither the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or nor any of its Subsidiaries has notified or been required is subject to notify any Person of pending Proceeding nor, to the Company’s knowledge, is any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of Proceeding threatened against the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledgeknowledge, there no such Proceedings are no material security deficiencies likely to be asserted or vulnerabilities in threatened against the Company) by any third party or entity, including any Governmental Entity, alleging (i) a violation of the Company’s policies or any Privacy Agreements; (ii) a violation of any third party or entity’s privacy rights under any Legal Requirements; or (iii) the failure of the Company IT Systemswith respect to any security audit.
(vi) The Company and each of its Subsidiaries has not, since December 31, 2013, notified any affected individual, any customer, any Governmental Entity, or the media of any breach of Personal Data. The Company and its Subsidiaries are not currently planning to conduct any such notification.
Appears in 1 contract
Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), Except as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to benot, individually or in the aggregate, reasonably be expected to be material to the Company, the Company is, and at since the Reference Date has been, in compliance with all (i) applicable Laws pertaining to data protection, data privacy, data security and data breach notification in the United States and elsewhere in the world, including the EU’s General Data Protection Regulation (collectively, “Privacy Laws”); (ii) published policies or notices relating to the Company’s collection, use, storage, disclosure, processing, handling, protection, or cross-border transfer (“Processing”) of Personal Information; (iii) terms of any material Contracts to which the Company is bound relating to the Processing of Personal Information; and (iv) industry standards and/or codes-of-conduct to which the Company and/or any of its Subsidiaries are bound relating to the Company’s or any of its Subsidiaries’ Processing of Personal Information (collectively, taken “Privacy Requirements”).
(b) Except as a whole. In would not, individually or in the prior three yearsaggregate, there have reasonably be expected to be material to the Company, since the Reference Date, the Company has not been received any material failuressubpoenas, breakdowns demands, or continued substandard performance other written notices from any Governmental Body or other entity investigating, inquiring into, or otherwise relating to any actual violation of any Privacy Laws. The Company IT Systems that have caused a material failure is not under investigation by any Governmental Body or disruption other entity for any actual violation of any Privacy Laws.
(c) The Company has taken commercially reasonable steps designed to protect (i) the operation, confidentiality, integrity, and security of the Company Company’s software, systems, and websites (“IT Systems other than routine failures or disruptions Assets”) that have been remediated are involved in the Ordinary Course Processing of Business. In Personal Information, and (ii) Personal Information in the past three Company’s possession and/or control from unauthorized use, access, disclosure, deletion, and/or modification.
(3d) yearsExcept as would not, there have been no (except individually or in the aggregate, reasonably be expected to be material to the extent completely remediated)Company, since the Reference Date, and to the Knowledge of the Company’s Knowledge, the Company has not experienced any failures; crashes; security incidents; data breaches; unauthorized access, use, or disclosure; or other adverse events or incidents related to Personal Information that would require notification of individuals, law enforcement, any Governmental Body, customers, vendors, or any others under any applicable Privacy Laws. To the Knowledge of the Company, there are no material security deficiencies pending complaints, Actions, fines, or vulnerabilities in other penalties facing the Company IT Systemsin connection with any such failures; crashes; security incidents; data breaches; unauthorized access, use, or disclosure.
Appears in 1 contract
Privacy and Data Security. (a) In The Company Entities have a privacy policy regarding the prior three (3) yearscollection, use and disclosure of personal information in connection with the operation of the Business for which any Company Entity is the “controller” or similarly responsible under applicable Laws regarding the collection, retention, use and protection of personal information, or otherwise held or processed on its Subsidiaries have behalf and each Company Entity is and has been in material compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”)privacy policy. The execution, delivery Company Entities have posted a privacy policy in a clear and performance conspicuous location on all public websites owned or operated by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeEntities.
(b) In Without limiting the prior generality of Section 4.09, each Company Entity has in the past three (3) yearsyears materially complied with all applicable Laws regarding the collection, the Privacy retention, use and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices protection of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Datapersonal information.
(c) There is (and in Without limiting the prior three years there has been) no material Legal Proceeding pending orgenerality of Section 4.12(b), each applicable Company Entity and, to the Knowledge of the Company’s knowledge, threatened against each other party thereto is in compliance with the terms of all Material Contracts relating to data privacy, security or involving the Company or its Subsidiaries initiated by any Person breach notification (including (i) provisions that impose conditions or restrictions on the Federal Trade Commissioncollection, any state attorney general use, disclosure, transmission, destruction, maintenance, storage or similar state officialsafeguarding of personal information), (ii) any other Governmental authorityif any, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions except for such noncompliance that would not reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitmentshave a Material Adverse Effect.
(d) In No Person (including any Governmental Authority) has, in the prior past three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the commenced any Action against any Company or its Subsidiaries or any of its contractors with regard Entity relating to any Personal Data obtained from Company Entity’s information privacy or data security practices relating to the personal information of consumers, including with respect to the access, disclosure or use of personal information of consumers maintained by or on behalf of the any Company or its Subsidiaries (“Security Incident”)Entity, or, (ii) there have been no unauthorized intrusions to the Knowledge of the Company, threatened any such Action, or breaches made any complaint or investigation relating to such practices.
(e) The execution, delivery and performance of security into this Agreement and the consummation of the contemplated transactions, including any transfer of personal information resulting from such transactions, will not violate the privacy policy of any Company IT SystemsEntity as it currently exists, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as except for such violations that would not reasonably be expected to have a Company Material Adverse Effect. Each of the .
(f) The Company Entities have established and its Subsidiaries has implemented policies, programs and procedures that are commercially reasonable reasonable, in material compliance with applicable industry practices and appropriate, including administrative, technical and physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data personal information for which any Company Entity is the “controller” or similarly responsible under applicable Laws regarding the collection, retention, use and protection of personal information against any Security Incidentunauthorized access, including taking all reasonable steps to safeguard and back up Personal Datause, modification, disclosure or other misuse.
(eg) Each Without limiting the generality of Section 4.11, the Company and its Subsidiaries owns or Business has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) not in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) yearsyears experienced any material loss, there have been no (except to damage, or unauthorized access, disclosure, use or breach of security of any personal information for which any Company Entity is the extent completely remediated)“controller” or similarly responsible under applicable Laws regarding the collection, retention, use and to the Company’s Knowledge, there are no material security deficiencies protection of personal information or vulnerabilities in the Company IT Systemsotherwise held or processed on its behalf.
Appears in 1 contract
Privacy and Data Security. (a) In the prior three (3) years, the The Company and its Subsidiaries are, and at all times have been been, in compliance with Privacy Laws, and in all material respects with (i) Contracts all applicable Data Protection Laws; (or portions thereofii) between the Company or its Subsidiaries all applicable contractual obligations concerning data privacy and other Persons security relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data Information in the possession or control of the Company or any of its Subsidiaries or maintained by third parties having access to such information under Contracts (or portions thereof) to which the Company or any of its contractors with regard Subsidiaries is a party; and (iii) the requirements of any privacy or security-related self-regulatory organizations or certifications to which the Company is obligated to adhere (collectively, “Privacy Agreements”). The Company and its Subsidiaries have not transferred any Personal Information across any international borders except in material compliance with applicable Data obtained from Protection Laws.
(b) The Company and its Subsidiaries have in place, maintain, and comply with, a comprehensive written information security program that (i) complies in all material respects with all applicable Data Protection Laws; and (ii) includes and incorporates all administrative, technical, organization, and physical security procedures and measures that are commercially reasonable and appropriate to preserve the confidentiality, integrity, and availability of all Personal Information in the possession or on behalf control of the Company and its Subsidiaries and to protect against Security Breaches.
(c) The Company and its Subsidiaries have had no Security Breaches that have materially impacted the Company or its Subsidiaries or resulted in material Liability to the Company or its Subsidiaries. The Company and its Subsidiaries have not received written notice of any pending, nor has there ever been any Action against the Company or any of its Subsidiaries initiated by (“Security Incident”), i) any Person; or (ii) any other Governmental Authority, alleging that there have has been no unauthorized intrusions a Security Breach or breaches of security into alleging that any Company IT Systems, and (iii) none activity of the Company or any of its Subsidiaries has notified or been required to notify any Person is in violation of any (A) lossapplicable Data Protection Laws, theft or damage ofPrivacy Agreements, or Privacy Policies, and to the Knowledge of Seller, there is no reasonable basis for any such Action.
(Bd) other unauthorized or unlawful access toThe Company and its Subsidiaries are, or use, disclosure or other Processing of, Personal Data, exceptand at all times have been, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each material compliance with all applicable public-facing privacy policies of the Company and its Subsidiaries has implemented commercially reasonable administrativeregarding their privacy policies and practices (collectively, physical and technical safeguardsthe “Privacy Policies”), and ensures that the Privacy Policies have been maintained to be compliant in all material respects with Data Protection Laws and consistent with the actual practices of the Company and its contractors processing Subsidiaries. The Privacy Policies permit the current uses of the Personal Data take such safeguards to protect Information by the confidentiality, integrity Company and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Dataits Subsidiaries.
(e) Each of The Company and its Subsidiaries contractually require all third parties providing services to the Company and its Subsidiaries owns that have access to or has a license receive Personal Information from or other right to use the Company IT Systems as necessary to operate the business on behalf of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as to comply with all applicable Data Protection Laws and to take all commercially reasonable steps to ensure that all Personal Information in such third parties’ possession or control is protected in a whole. In manner that is consistent with the prior three years, there have requirements of the security program.
(f) The execution and delivery of this Agreement and the consummation of the transactions contemplated hereby will not been violate in any material failuresrespects any applicable Data Protection Laws, breakdowns Privacy Policies, or continued substandard performance Privacy Agreements or result in or give rise to any right of termination or other right to impair or limit in any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to respect the Company’s Knowledge, there are no material security deficiencies or vulnerabilities any of its Subsidiaries’ rights to own or use any Personal Information used in or necessary for the Company IT Systemsconduct of their businesses.
Appears in 1 contract
Sources: Stock Purchase Agreement (Heritage-Crystal Clean, Inc.)
Privacy and Data Security. (a) In The Target Companies, and, to Knowledge of the prior Company, all vendors, processors, or other third parties acting for or on behalf of a Target Company in connection with the Processing of Personal Information or that otherwise have been authorized to have access to Personal Information in the possession or control of the Target Companies, comply and at all times in the past three (3) yearsyears have complied, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with all of the following: (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and Privacy Laws; (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Company Privacy and Data Security Policies,” ; and together with Privacy Laws and such Contracts, (iii) any Contract requirements or terms of use concerning the Processing of Personal Information to which a Target Company is a party or otherwise bound as of the date hereof (“Privacy CommitmentsAgreements”). To the Knowledge of the Company, the operation of the business of the Target Companies has not and does not violate any right to privacy or publicity of any third person under applicable Law.
(b) The execution, delivery delivery, and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby do not and will not: (i) conflict with or thereby, are not reasonably expected to, directly or indirectly, result in a violation or breach of any Privacy Commitments that would be materially adverse to the Laws, Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have (as currently existing or as existing at all times been maintained and made available any time during which any Personal Information was collected or Processed by or for the Target Companies, or Privacy Agreements); or (ii) require the consent of or notice to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of any Person concerning such Person’s Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal DataInformation.
(c) There is (The Company has delivered or made available to SPAC true, complete, and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the correct copies of all Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Privacy and Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy CommitmentsSecurity Policies.
(d) In To the prior three (3) yearsKnowledge of the Company, (i) there no Person has been no obtained unauthorized access to, or unauthorized use, disclosure, or Processing of to Personal Data Information in the possession or control of a Target Company, nor has there been any other material compromise of the Company security, confidentiality or its Subsidiaries integrity of such information or any of its contractors with regard data, and no written or, to any Personal Data obtained from or on behalf the Knowledge of the Company, oral complaint relating to an improper use or disclosure of, or a breach in the security of, any such information or data has been received by a Target Company or its Subsidiaries (a “Security Incident”). The Target Companies have not notified and, (ii) to Knowledge of the Company, there have been no unauthorized intrusions facts or breaches of security into circumstances that would require a Target Company to notify, any Company IT Systems, and (iii) none of the Company Governmental Authority or any of its Subsidiaries has notified or been required to notify any other Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, the Target Companies have not received any notice, request, claim, complaint, correspondence, or other communication in writing from any Governmental Authority or other Person, and there have has not been no any audit, investigation, enforcement action (except including any fines or other sanctions), or other Action, (i) relating to any actual, alleged, or suspected Security Incident or violation of any Privacy Agreements, or any Person’s individual privacy rights involving Personal Information in the possession or control of the Target Companies, or held or Processed by any vendor, processor, or other third party for or on behalf of the Target Companies; (ii) prohibiting or threatening to prohibit the transfer of Personal Information to any place; or (iii) permitting or mandating any Governmental Authority to investigate, requisition information from, or enter the premises of, the Target Companies, and, to the extent completely remediated), and to Knowledge of the Company’s Knowledge, there are no material security deficiencies facts or vulnerabilities in circumstances that would reasonably be expected to give rise to any of the Company IT Systemsforegoing.
Appears in 1 contract
Sources: Business Combination Agreement (Blue Acquisition Corp/Cayman)
Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), Except as would not have a Company Material Adverse Effect, the Company is, and at since the Reference Date has been, in compliance with all (i) applicable Laws pertaining to data protection, data privacy, data security and data breach notification in the United States and elsewhere in the world, including the EU’s General Data Protection Regulation (collectively, “Privacy Laws”); (ii) published policies or notices relating to the Company’s collection, use, storage, disclosure, processing, handling, protection, or cross-border transfer (“Processing”) of Personal Information; (iii) terms of any material Contracts to which the Company is bound relating to the Processing of Personal Information; and (iv) industry standards and/or codes-of-conduct to which the Company and/or any of its Subsidiaries are bound relating to the Company’s or any of its Subsidiaries’ Processing of Personal Information (collectively, “Privacy Requirements”).
(b) Except as would not have a Company Material Adverse Effect, since the Reference Date, the Company has not received any subpoenas, demands, or other written notices from any Governmental Body or other entity investigating, inquiring into, or otherwise relating to any actual violation of any Privacy Laws. Each To the Knowledge of the Company, the Company and its Subsidiaries is not under investigation by any Governmental Body or other entity for any actual violation of any Privacy Laws.
(c) The Company has implemented taken commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards steps designed to protect (i) the operation, confidentiality, integrity integrity, and security of the Company’s software, systems, and websites (“IT Assets”) that are involved in the Processing of Personal Data against any Security IncidentInformation, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) Personal Information in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries Company’s possession and/or control from unauthorized use, access, disclosure, deletion, and/or modification.
(except for ordinary wear and tear), except in each case of clauses (id) and (ii), Except as is not and would not reasonably be expected to behave a Company Material Adverse Effect, individually or in since the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated)Reference Date, and to the Knowledge of the Company’s Knowledge, the Company has not experienced any failures; crashes; security incidents; data breaches; unauthorized access, use, or disclosure; or other adverse events or incidents related to Personal Information that would require notification of individuals, law enforcement, any Governmental Body, customers, vendors, or any others under any applicable Privacy Laws. Except as would not have a Company Material Adverse Effect, to the Knowledge of the Company, there are no material security deficiencies pending complaints, Actions, fines, or vulnerabilities in other penalties facing the Company IT Systemsin connection with any such failures; crashes; security incidents; data breaches; unauthorized access, use, or disclosure.
Appears in 1 contract
Privacy and Data Security. (a) The use and dissemination by the Company or its Subsidiaries of any Personal Data within the prior three (3) years is in compliance in all material respects with the Company or any Subsidiary’s privacy policies and terms of use, relevant industry standards, all applicable Laws, and all Contracts to which the Company or any of its Subsidiaries is bound. Neither the Company nor any of its Subsidiaries collect, possess, or process any Personal Data which is subject to the data protection laws, privacy laws, or any similar laws of any jurisdiction outside of the United States. No Personal Data is transmitted or otherwise provided by the Company or any of its Subsidiaries to any third party electronically except by a secure, encrypted means. Neither the Company nor any of its Subsidiaries engages in any processing or disclosure of Personal Data that would be considered a “sale” or the “selling” of Personal Data under any applicable Laws.
(b) The Company and its Subsidiaries maintain policies and procedures regarding data security and privacy and each maintain administrative, technical and physical safeguards that are commercially reasonable and, in any event, in material compliance with all applicable Laws, and all Contracts to which the Company or any of its Subsidiaries is bound. The Company and its Subsidiaries have complied in all material respects with the terms of all Contracts to which the Company or any of its Subsidiaries is a party relating to data privacy, security or breach notification (including provisions that impose conditions or restrictions on the collection, use, disclosure, transmission, destruction, maintenance, storage, or safeguarding of Personal Data). The Company and its Subsidiaries have contractually required its and their third-party service providers who access, use, process, or further disclose Personal Data to comply with the Company or any Subsidiary’s privacy policies and all applicable Laws.
(c) Except as set forth on Schedule 3.27(c) of the Disclosure Schedule, (i) neither the Company nor any Subsidiary has experienced any “breach” or “breach of security” as those terms are defined under applicable Law (including HIPAA), either affecting the Personal Data of more than 500 individuals, or otherwise requiring notification to individuals and/or regulatory authorities (except for those breaches disclosed to Buyer in annual reports made to the Office for Civil Rights); (ii) no notice has been provided to the Company by any Person of any security breach or incident relating to Personal Data and (iii) no Person (including any Governmental Entity) has commenced any action relating to the Company’s or any Subsidiary’s information privacy or data security practices, or to the Knowledge of the Company, threatened in writing any such action or made any complaint, investigation, or inquiry relating to such practices.
(d) In the prior past three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Lawsat least annually performed a security risk assessment, penetration test, and in all material respects with a privacy impact assessment (iif required) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required obtained an independent vulnerability assessment performed by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”)a recognized third-party audit firm. The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeeach Subsidiary has used commercially reasonable efforts to address and remediate all “critical” threats and deficiencies identified in each such assessment.
(be) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading All material Company IT Systems owned or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data used by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) are sufficient in sufficiently good working condition to effectively perform all information technology operations necessary material respects for the operation current operations of the respective businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption operations of the Company IT Systems other than routine failures after Closing consistent with operations immediately prior to Closing; (ii) operate without any material defect, malfunction, unavailability or disruptions that have been remediated in the Ordinary Course of Businesserror; and (iii) are reasonably secure against unauthorized access, intrusion, tampering, impairment, disruption, computer virus and malfunction. In the past three (3) years, there have has been no no: (except to A) breach of the extent completely remediated)Company IT Systems or successful unauthorized incidents of access, and to the Company’s Knowledgeuse, there are no material security deficiencies disclosure, modification or vulnerabilities destruction of information or interference with systems operations (including denial-of-service or other cyber incident, ransomware attack, or malware) in all or any portion of the Company IT Systems, including any such breach or incident that requires notice to any Person; or (B) unauthorized disclosure, access, destruction, use, modification or other exploitation of any confidential information in the possession, custody or control of the Company or any of its Subsidiaries. In the past three (3) years, there has been no malfunction, failure, continued substandard performance, or other impairment of the Company IT Systems that has resulted or is reasonably likely to result in material disruption or damage to the business of the Company that has not been remedied. The Company and its Subsidiaries have taken commercially reasonable steps consistent with applicable Law to safeguard the confidentiality, availability, security, and integrity of the Company IT Systems, including implementing and maintaining appropriate backup, disaster recovery, and software and hardware support arrangements.
(f) The Company and its Subsidiaries have implemented and maintained (or, where applicable, have required their vendors, processors, or other third parties acting for or on behalf of the Company or any of its Subsidiaries, to maintain), consistent with commercially reasonable and industry practices, applicable Laws, and in compliance with Contracts, reasonable security measures designed to protect the Company IT Systems from viruses and similar malware, and the Company IT Systems and all Personal Data maintained by the Company or any of its Subsidiaries from unauthorized physical or virtual access, use, modification, acquisition, disclosure, disposal or other misuse. The Company and its Subsidiaries have implemented commercially reasonable backup and disaster recovery technology processes, as well as a commercially reasonable business continuity plan, in each case consistent in all material respects with applicable Laws, and have tested such plans and processes no less than annually. Such plans and processes have been found to be adequate in connection with such testing.
(g) The Company and its Subsidiaries have taken commercially reasonable steps consistent with applicable Law to limit access to Personal Data to (i) those employees of the Company and each Subsidiary and third-party vendors providing services to or on behalf of the Company or any Subsidiary who have a need to know such Personal Data in the execution of their duties to the Company or any Subsidiary, and (ii) such other Persons permitted to access such Personal Data in accordance (in all material respects) with the privacy policies and terms of use, all applicable Laws, and all Contracts to which the Company and each Subsidiary is bound.
Appears in 1 contract
Privacy and Data Security. (a) In The Company has at all times in the prior three past two (32) years, the Company and its Subsidiaries have been in compliance with Privacy Lawsyears materially complied, and in all material respects is currently complying, with (i) Contracts all Privacy Laws, (ii) to the extent applicable, the Payment Card Industry-Data Security Standard and (iii) all contractual obligations (including those with the Company’s customers) relating to (1) the privacy of users of any of the Company’s web properties, products and/or services; (2) the collection, use, storage, retention, disclosure, transfer, disposal, or portions thereof) between any other processing of any Personal Information collected or used by the Company or its Subsidiaries and other Persons relating by third parties having access to Personal Data such information on behalf of the Company; and (ii3) applicable written policiesthe transmission of marketing and/or commercial messages through any means, public statements including email and other public representations relating to text message (the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy CommitmentsRequirements”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In Except as would not reasonably be expected to be material to the prior three (3) yearsCompany, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are Company has not misleading or deceptive received written notice from any Person (including by omission). The practices any Governmental Authority) of the Company commencement of any Action relating to the Company’s information privacy or its Subsidiaries data security practices, including with respect to the Processing collection, use, transfer, storage or disposal of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data Information maintained by or on behalf of the Company or its Subsidiaries is or was in violation Company, and, to the Knowledge of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that such Action has been threatened.
(c) Except as would not reasonably be expected to form be material to the basis for Company, the Company has taken organizational, physical, administrative and technical measures required by Privacy Laws, any proceeding for existing contractual commitment made by the Company that is applicable to Personal Information, any potential violation written policy adopted by the Company, and the Company’s information security program designed to protect (i) the integrity, security and operations of any the Company’s information technology systems, and (ii) the Personal Information owned, maintained or otherwise processed by the Company against data security incidents or other misuse. Except as would not reasonably be expected to be material to the Company, the Company has implemented reasonable procedures, satisfying the requirements of applicable Privacy CommitmentsLaws, to detect data security incidents.
(d) In Except as would not reasonably be expected to be material to the prior three Company, the Company has contractually obligated all third parties to which it provides Personal Information and/or access thereto to protect such Personal Information from unauthorized access by and/or disclosure to any unauthorized third parties.
(3e) yearsExcept as would not reasonably be expected to be material to the Company, to the Knowledge of the Company, (i) there has have been no unauthorized access todata security incidents, personal data breaches or unauthorized use, disclosure, other adverse events or Processing of incidents related to Personal Data Information in the possession custody or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or service provider acting on behalf of the Company or its Subsidiaries (“Security Incident”)Company, (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually no breach or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption violation of the Company IT Systems other than routine failures has occurred or disruptions that have is threatened in writing, and there has been remediated no unauthorized or illegal use of or access to any Personal Information.
(f) The consummation of any of the transactions contemplated hereby will not violate any applicable Privacy Laws.
(g) The Company has not sold the Personal Information or access thereto under its control and/or in its possession to a third party.
(h) The Company has not had customers or users in the Ordinary Course of Business. In European Economic Area or the past three (3) years, there have been no (except United Kingdom that would cause the Company to be subject to the extent completely remediated), European General Data Protection Regulation 2016/679 and to the Company’s Knowledge, there are no material security deficiencies other European or vulnerabilities in the Company IT SystemsUnited Kingdom data protection and privacy laws.
Appears in 1 contract
Sources: Merger Agreement (3d Systems Corp)
Privacy and Data Security. (a) In The use, storage, sharing, disclosure, dissemination, Processing and disposal of any personally identifiable information and Personal Data of the prior three (3) years, the Company and its Subsidiaries have been Business is in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) all applicable written privacy policies, public statements terms of use, contractual obligations and other public representations relating to the Processing of Personal Dataapplicable Laws, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeincluding GDPR.
(b) In Seller maintains complete, accurate and up to date records of their Personal Data Processing activities in relation to the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals Business in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy with applicable data protection and Data Security Policies that govern such Personal Dataprivacy Laws, including GDPR.
(c) There is (and Seller has, in the prior three years there has been) no material Legal Proceeding pending or, relation to the Company’s knowledgeBusiness, threatened against issued privacy notices to, and (when necessary) has obtained consents from, all relevant Data Subjects which comply in all material respects with applicable data protection and privacy Laws.
(d) Since January 1, 2019, there have been no security breaches relating to, or involving the Company violations of any security policy regarding, or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commissionunauthorized access of, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data used by or on behalf of Seller in connection with the Company Business, other than those that were resolved without material cost, material liability or its Subsidiaries is or was in violation of the duty to notify any Privacy CommitmentsPerson. To the Company’s KnowledgeFurther, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.Seller has:
(d) In the prior three (3) years, (i) there has been no implemented appropriate technical and organizational measures designed to protect against the unauthorized access or unlawful Processing of, and accidental loss of or damage to, or unauthorized use, disclosure, or Processing of Personal Data in relating to the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from Business which is Processed by or on behalf of the Company or Seller and its Subsidiaries (“Security Incident”), Subsidiaries;
(ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systemsput in place appropriate agreements, as required by applicable data protection and privacy Laws, with all third parties Processing Personal Data on their behalf relating to the Business; and
(iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) lossundertaken reasonably appropriate privacy and information security due diligence on all such third parties in accordance with, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), applicable data protection and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Dataprivacy Laws.
(e) Each There is no, and there has been no, written complaint to, or any audit, proceeding, claim or, to the knowledge of Seller, investigation (formal or informal) against, the Company and its Subsidiaries owns or has a license or other right Seller with respect to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are Business by: (i) free from any defect, bug, virus private party; or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear)any Governmental Authority, except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material with respect to the Company and its Subsidiariessecurity, taken as a whole. In the prior three yearsconfidentiality, there have not been availability or integrity of information technology assets, Personal Data, or other data, 249717839 v15 information or Intellectual Property, except for any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions foregoing that arose prior to the date of this Agreement and have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systemsfully resolved.
Appears in 1 contract
Privacy and Data Security. (a) In the prior three (3) years, the The Company and its Subsidiaries have been in compliance with Privacy Laws, and (i) are compliant in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) all applicable written policies, public statements and other public representations relating Laws related to the Processing privacy, security, or protection of Personal Data, inclusive of (ii) have implemented one or more privacy and data security policies that comply with all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to regarding the Privacy collection, use and disclosure of Personal Data Security Policies that govern such Personal Data.
(c) There is (and proprietary information in the prior three years there has been) no material Legal Proceeding pending orconnection with its business and operations, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or have trained its employees and independent contractors on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systemssuch policies, and (iiiiv) none are, and have been, in compliance in all material respects with such policies at all times. True, complete and correct copies of all privacy and data security policies that have been used by the Company or any of its Subsidiaries in the past three (3) years have been made available to Parent. The Company has notified posted all applicable external privacy and data security policies in clear and conspicuous locations on all websites and any mobile applications owned or been required operated by the Company.
(b) The execution, delivery and performance of this Agreement and the consummation of the contemplated transactions, including any transfer of Personal Data or proprietary information resulting from such transactions, will not materially violate any obligation, disclosure, representation or undertaking to notify any Person of any (A) lossregarding data privacy, theft or damage ofsecurity, breach notification, or their or its Personal Data or proprietary information.
(Bc) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the The Company and each of its Subsidiaries has have established and implemented commercially reasonable policies, programs and procedures that are in compliance in all material respects with applicable industry practices, including administrative, technical and physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards are designed to protect the confidentiality, integrity and security of Personal Data and proprietary information gathered, stored, processed, used or communicated by or on behalf of the Company or any of its Subsidiaries, as applicable, against loss, theft or the unauthorized access, use, modification, disclosure or other misuse of such information.
(d) Neither the Company nor any Security Incidentof its Subsidiaries have ever experienced any loss, theft, damage, or, to the Knowledge of the Company, unauthorized access, disclosure, use or breach of security of any Personal Data or proprietary information gathered, stored, processed, used or communicated by or on behalf of itself.
(e) No Person (including any Governmental Entity) has commenced any Proceeding relating to the Company’s or any of its Subsidiary’s privacy or data security policies, including taking all reasonable steps with respect to safeguard the collection, use, transfer, storage, or disposal of Personal Data and back up proprietary information maintained by or on behalf of the Company or any of its Subsidiaries, or threatened any such Proceeding, or made any complaint or, to the Company’s Knowledge, any investigation or inquiry relating to such practices.
(f) As of the date of this Agreement, there are no Proceedings pending against the Company or any of its Subsidiaries asserting any violation by the Company or any of its Subsidiaries of any (i) Information Privacy and Security Law, (ii) agreement (or portion thereof) to which the Company or any of its Subsidiaries is a party that relates to the protection of Personal Data, or (iii) of the Company’s or its Subsidiaries’ privacy and security policies applicable to Personal Data.
(eg) Each of The IT Assets (i) operate in all material respects in accordance with their documentation and functional specifications and otherwise as required by the Company and its Subsidiaries owns and have not materially malfunctioned or has a license or other right to use failed in the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are last three (i3) free from any defectyears, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary are sufficient for the operation immediate and reasonably foreseeable needs of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, including as to capacity, scalability, and ability to process current and anticipated peak volumes in a timely manner. The Company and its Subsidiaries have taken as a wholecommercially reasonable actions designed to protect the confidentiality, integrity and security of the IT Assets against unauthorized use, access, interruption, modification and corruption. In To the prior three yearsKnowledge of the Company, there have not has been no unauthorized access to the IT Assets that resulted in any material failuresunauthorized use, breakdowns access, modification, misappropriation, deletion, corruption, or continued substandard performance encryption of any information or data stored therein. The Company IT Systems that and its Subsidiaries have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) yearsimplemented commercially reasonable data backup, there have been no (except data storage, system redundancy and disaster avoidance and recovery procedures with respect to the extent completely remediated)IT Assets, and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systemseach case consistent with customary industry practices.
Appears in 1 contract
Sources: Merger Agreement (Synacor, Inc.)
Privacy and Data Security. (a) In the prior three (3) years, the Company Seller is and its Subsidiaries have has been in compliance with Privacy Lawscompliance, and in each case in all material respects respects, with (i) Contracts (all Privacy Obligations. The Transaction will not, as of the Closing, violate in any material respect the Privacy Obligations of the Seller. Seller has posted or portions thereof) between made available privacy notices or privacy policies that materially comply with all Privacy Obligations and that accurately provide notice of the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to Business’s practices concerning the Processing of Personal Data, inclusive of Information. Seller has materially complied and is in material compliance with all disclosures required by applicable Privacy Laws (“Privacy such privacy notices and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeprivacy policies.
(b) In Seller has obtained all Privacy Consents to the prior three (3) years, extent required under the Privacy and Data Security Policies have at Obligations for all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data Information performed by or on behalf of the Company Seller or the Business and the Seller holds records evidencing any such Privacy Consents. The Seller has a valid and legal right (whether contractually, by Law, or otherwise) to Process all Personal Information that it Processes for the purpose such Personal Information was collected, used, or disclosed in connection with the Seller’s operation of its Subsidiaries Business.
(c) Seller maintains and has maintained a written information security program that is comprised of (i) internal processes, policies, and safeguards necessary to comply with Privacy Obligations and (ii) reasonable and appropriate organizational, physical, administrative and technical safeguards and controls designed to protect the security, confidentiality, integrity and availability of Personal Information Processed in the Business against loss, theft, unauthorized access or was acquisition, unauthorized modification, unauthorized disclosure, corruption or other misuse. Such safeguards and controls are reasonably consistent with (A) accepted practices within the industry in violation of any which the Business operates and (B) all Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy CommitmentsObligations.
(d) In the prior three (3) yearsSeller has executed a current, (i) there has been no unauthorized access tolegal, or unauthorized use, disclosure, or Processing of valid and binding agreement with each third party that Processes Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from Information for or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches Business that satisfies in all material respects the requirements of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal DataPrivacy Obligations.
(e) Each of the Company and its Subsidiaries owns or Seller has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are not (i) free from to Seller’s Knowledge, been under investigation by any defectGovernmental Authority for any actual or alleged violation of any Privacy Obligation, bug, virus or programming, design or documentation error and (ii) received any notices from any Governmental Authority relating to any actual or alleged violation of any Privacy Obligation, (iii) received any complaints or notices or other communications from any Person alleging a material violation of any Privacy Obligation; or (iv) been the subject of any past, current, or, to Seller’s Knowledge, pending action, lawsuit, or other proceeding alleging a violation any Privacy Obligation or concerning Seller’s Processing of Personal Information.
(f) Except as set forth in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses Section 3.25(f) of the Company Seller Disclosure Schedule, Seller has not experienced any Security Breach nor, to Seller’s Knowledge, has any contractor or agent of Seller experienced a Security Breach that materially impacted Sensitive Data Processed on behalf Seller. Seller has not been notified in writing or been required by any Privacy Obligation or Governmental Authority to notify in writing any Person of any Security Breach. To the extent applicable, Seller and, to Seller’s Knowledge, each of its contractors or agents that Processes Sensitive Data on Seller’s behalf, has reasonably addressed and its Subsidiaries remediated each such Security Breach in accordance with all Privacy Obligations.
(except for ordinary wear and tear)g) To the extent Seller has obligations under the PCI DSS, except in each case of clauses Seller: (i) is and has been in compliance in all material respects with the PCI DSS and the related card brand rules and requirements in any contracts between Seller and its payment processor or acquiring bank; (ii) has completed all required Reports on Compliance and/or Self-Assessment questionnaires, as such terms are defined under PCI DSS; and (ii), as is not iii) has undertaken all required scans and would not reasonably be expected to be, individually or in the aggregate, assessments of Seller’s cardholder data environment and successfully remediated all identified material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systemsvulnerabilities.
Appears in 1 contract
Sources: Asset Purchase Agreement (Eastern Bankshares, Inc.)
Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken Except as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, Subsidiaries taken as a whole, the Company’s or any of its Subsidiaries’ collection, maintenance, transmission, transfer, storage, disposal, security, use and disclosure of Personal Information complies with and for the past three years has complied with all (i) Information Privacy and Security Laws; (ii) Contracts to which the Company or any of its Subsidiaries is a party; (iii) the Company’s then-current written privacy policies; and (iv) any consents, approvals, registrations or authorizations relating to Personal Information that were received from any Governmental Authority or the subject of that Personal Information, or that are required under any Information Privacy and Security Law.
(b) Except as would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries taken as a whole, the Company and each of its Subsidiaries have implemented and maintains a reasonable security plan in accordance with industry standards that (i) identifies internal and external risks to the security of Personal Information; (ii) implements and monitors adequate and effective administrative, electronic and physical safeguards to control those risks; (iii) maintains notification procedures in compliance with applicable Information Privacy and Security Laws in the case of any breach of security compromising data containing Personal Information; and (iv) includes commercially reasonable policies and procedures that apply to the Company and/or each Subsidiary with respect to privacy, data protection, processing, security and the collection and use of Personal Information gathered or accessed in the course of the operations of the Company and its Subsidiaries.
(c) The Company’s and its Subsidiaries’ IT Systems are in sufficiently good repair and operating condition for the business as currently conducted. In the prior three yearsSince January 1, 2014, there have not has been any material failuresno (A) failure, breakdowns breakdown or continued substandard performance of any Company IT Systems System that have has caused a material failure significant disruption or disruption interruption in or to the operation of the business, (B) theft, breach, loss, unauthorized acquisition or access, or other misuse of any Personal Information; (C) unauthorized disclosure of electronic communications or Personal Information to any third party, including any Governmental Authority; or (D) breach of the security or other unauthorized access, control, modification or destruction of any IT System. The Company IT Systems other than routine failures or disruptions that have been remediated in and each of its Subsidiaries has implemented reasonable backup, security and disaster recovery technology, plans, procedures and facilities consistent with industry practice.
(d) To the Ordinary Course Knowledge of Business. In the past three (3) yearsCompany, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT SystemsProducts as delivered by the Company and its Subsidiaries do not contain any computer code designed to disrupt, disable, harm, distort or otherwise impede in any manner the legitimate operation of such Company Products by or for the Company or any of its Subsidiaries or its respective authorized users, or any other associated Software, firmware, hardware, computer system or network (including what are sometimes referred to as “viruses,” “worms,” “time bombs” and/or “back doors”).
Appears in 1 contract
Privacy and Data Security. (a) In The Target Companies comply and at all times in the prior past three (3) yearsyears have complied, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with all of the following: (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and Privacy Laws; (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Company Privacy and Data Security Policies,” ; and together with Privacy Laws and such Contracts, (iii) any Contract requirements or terms of use concerning the Processing of Personal Information to which a Target Company is a party or otherwise bound as of the date hereof (“Privacy CommitmentsAgreements”). To the Knowledge of the Company, the operation of the business of the Target Companies has not and does not violate any right to privacy of any third person under applicable Law.
(b) The execution, delivery delivery, and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby do not and will not: (i) conflict with or thereby, are not reasonably expected to, directly or indirectly, result in a violation or breach by the Company of any Privacy Commitments that would be materially adverse to the Laws, Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have (as currently existing or as existing at all times been maintained and made available any time during which any Personal Information was collected or Processed by the Company, or Privacy Agreements); or (ii) require the consent of or notice to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of any Person concerning such Person’s Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal DataInformation.
(c) There is (The Company has delivered or made available to SPAC true, complete, and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the correct copies of all Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Privacy and Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy CommitmentsSecurity Policies.
(d) In To the prior three (3) yearsKnowledge of the Company, (i) there no Person has been no obtained unauthorized access to, or unauthorized use, disclosure, or Processing of to Personal Data Information in the possession or control of the Company or its Subsidiaries or Company, nor has there been any of its contractors with regard to any Personal Data obtained from or on behalf other material compromise of the security, confidentiality or integrity of such information or data, and no written or, to the Knowledge of the Company, oral complaint relating to an improper use or disclosure of, or a breach in the security of, any such information or data has been received by the Company or its Subsidiaries (a “Security Incident”). The Company has not notified and, (ii) to Knowledge of the Company, there have been no unauthorized intrusions facts or breaches of security into any Company IT Systems, and (iii) none of circumstances that would require the Company to notify, any Governmental Authority or any of its Subsidiaries has notified or been required to notify any other Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, the Company has not received any notice, request, claim, complaint, correspondence, or other communication in writing from any Governmental Authority or other Person, and there have has not been no any audit, investigation, enforcement action (except to the extent completely remediatedincluding any fines or other sanctions), and or other Action, relating to any actual, alleged, or suspected Security Incident or violation of any Privacy Agreements, or any Person’s individual privacy rights involving Personal Information in the possession or control of the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Appears in 1 contract
Sources: Business Combination Agreement (New Providence Acquisition Corp. III/Cayman)
Privacy and Data Security. With regard to matters of privacy and data security:
(a) In the prior three (3) yearsTo Seller’s Knowledge, the Company Seller has been and its Subsidiaries have been is in compliance with Privacy Laws, and in all material respects with all applicable Requirements of Law regarding the collection, creation, processing, use, disclosure, storage, transfer and secure destruction of sensitive data, which was collected or processed in connection with the Business (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contractscollectively, “Privacy CommitmentsData Protection Laws”). The executionExcept as would not, delivery and performance by individually or in the Company of this Agreement aggregate, be expected to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse material to the Company and its Subsidiaries, Business taken as a whole, Seller has made all required material filings, disclosures and registrations under applicable Data Protection Laws with any relevant governmental authority, to the extent applicable, and all such filings, disclosures and registrations are current and up-to-date) in all material respects.
(b) In the prior three Seller has not and does not collect, create, process, use, disclose, store, transfer or destroy any Protected Health Information (3as defined under HIPAA) yearsfrom or on behalf of any source, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Datatherefore is exempt from HIPAA’s requirements.
(c) There is (Seller has established, implemented, and maintains privacy, data security and cybersecurity policies, programs and procedures that are in compliance in all material respects with any applicable Requirement of Law, and Seller’s obligations under any agreement, including reasonable and appropriate administrative, technical and physical safeguards, and disaster recovery, business continuity, and incident response plans, designed to protect the prior three years there has been) no confidentiality, integrity, availability and security of sensitive data in its possession, custody or control against unauthorized access, use, disclosure or other misuse, and to safeguard the Business against the risk of material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitmentsbusiness disruption.
(d) In the prior three (3) yearsExcept as set forth in Schedule 7.24, attached hereto and incorporated herein by reference, to Seller’s Knowledge: (i) there has have been no unauthorized access tomaterial failures, breakdowns, continued substandard performance, introduction of any malware, viruses, ransomware, bugs, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control other malicious codes into any of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf systems of the Company Business that have caused a material disruption or its Subsidiaries (“Security Incident”), material interruption in or to the use of such Business systems; (ii) there have been no privacy or data security breaches (including ransomware or a cyber-attack) resulting in the unauthorized intrusions access, acquisition, exfiltration, manipulation, erasure, use, or breaches disclosure of security into any Company IT Systemssensitive data or Trade Secrets or that triggered any reporting requirement under any breach notification law or contract provision; and, and (iii) none no service provider (in the course of providing services for or on behalf of Seller) has suffered any material privacy or data security breach that resulted in the unauthorized access, acquisition, exfiltration, manipulation, erasure, use, or disclosure of any sensitive data of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal DataBusiness.
(e) Each Seller does not store or transfer any sensitive data offshore to, or receives any sensitive data from, any location outside the United States of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT SystemsAmerica.
Appears in 1 contract
Sources: Asset Purchase Agreement (Data443 Risk Mitigation, Inc.)
Privacy and Data Security. (a) In the prior three (3) years, Each Company and the Company and its Subsidiaries have been in compliance with Privacy LawsSubsidiaries, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing Knowledge of such Company, all Affiliates and/or third parties processing Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.Information on behalf of
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), Except as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrativebe, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually material to the business of such Company and the Company Subsidiaries, the execution, delivery, and performance of this Agreement and the transactions contemplated hereby will not: (i) conflict with or result in a violation or breach of any Privacy and Cybersecurity Requirements; (ii) require the aggregateconsent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit the Purchaser’s rights to own and process any Personal Information used in or necessary for the operation of such Company’s and the Company Subsidiaries’ business; or (iv) otherwise prohibit the transfer of Personal Information to the Purchaser.
(c) Except as would not be, and would not reasonably be expected to be, material to the business of such Company and its the Company Subsidiaries, taken as a whole. In such Company and the prior three years, there Company Subsidiaries own or have not been any material failures, breakdowns or continued substandard performance of any Company the right to use all IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated currently used in the Ordinary Course of Business. In During the past three (3) years, years preceding the date of this Agreement (i) there have been no (except Security Incidents affecting such Company and Company Subsidiaries or to the extent completely remediatedKnowledge of such Company any Data Partners, (ii) there have been no failures, breakdown, performance reduction, disruptions or other adverse event in any IT Systems, and (iii) the IT Systems have been free from malicious code or any other code intentionally designed to permit unauthorized access to a computer or network or unauthorized disablement or corruption or erasure of software, hardware or date, except in each case in subsections (i), (ii) and (iii) where any such occurrence would not be expected to be material to the Company’s KnowledgeBusiness.
(d) Except as would not be, there are no and would not reasonably be expected to be, material security deficiencies or vulnerabilities to the business of such Company and the Company Subsidiaries, such Company and the Company Subsidiaries have at all times in the Company IT Systems.past three (3) years implemented, maintained and complied with, and required all Data Partners to at all times implement, maintain and comply with, commercially reasonable technical, physical, and organizational measures, plans, procedures, controls, and programs, including a written information security program, which (i) at a minimum are consistent with industry standard practice, (ii) protect the integrity, availability and security of
Appears in 1 contract
Privacy and Data Security. (a) In The Target Companies, and, to Knowledge of the prior Company, all vendors, processors, or other third parties acting for or on behalf of a Target Company in connection with the Processing of Personal Information or that otherwise have been authorized to have access to Personal Information in the possession or control of the Target Companies, comply and at all times in the past three (3) yearsyears have complied, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with all of the following: (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and Privacy Laws; (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Company Privacy and Data Security Policies,” ; and together with Privacy Laws and such Contracts, (iii) any Contract requirements or terms of use concerning the Processing of Personal Information to which a Target Company is a party or otherwise bound as of the date hereof (“Privacy CommitmentsAgreements”). To the Knowledge of the Company, the operation of the business of the Target Companies has not and does not violate any right to privacy or publicity of any third person under applicable Law.
(b) The execution, delivery delivery, and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby do not and will not: (i) conflict with or thereby, are not reasonably expected to, directly or indirectly, result in a violation or breach of any Privacy Commitments that would be materially adverse to the Laws, Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have (as currently existing or as existing at all times been maintained and made available any time during which any Personal Information was collected or Processed by or for the Target Companies, or Privacy Agreements); or (ii) require the consent of or notice to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of any Person concerning such Person’s Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal DataInformation.
(c) There is (and in the prior three years there The Company has been) no material Legal Proceeding pending or, delivered or made available to the Company’s knowledgePurchaser true, threatened against or involving the complete, and correct copies of all Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Privacy and Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy CommitmentsSecurity Policies.
(d) In To the prior three (3) yearsKnowledge of the Company, (i) there no Person has been no obtained unauthorized access to, or unauthorized use, disclosure, or Processing of to Personal Data Information in the possession or control of a Target Company, nor has there been any other material compromise of the Company security, confidentiality or its Subsidiaries integrity of such information or any of its contractors with regard data, and no written or, to any Personal Data obtained from or on behalf the Knowledge of the Company, oral complaint relating to an improper use or disclosure of, or a breach in the security of, any such information or data has been received by a Target Company or its Subsidiaries (a “Security Incident”). The Target Companies have not notified and, (ii) to Knowledge of the Company, there have been no unauthorized intrusions facts or breaches of security into circumstances that would require a Target Company to notify, any Company IT Systems, and (iii) none of the Company Governmental Authority or any of its Subsidiaries has notified or been required to notify any other Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, the Target Companies have not received any notice, request, claim, complaint, correspondence, or other communication in writing from any Governmental Authority or other Person, and there have has not been no any audit, investigation, enforcement action (except including any fines or other sanctions), or other Action, (i) relating to any actual, alleged, or suspected Security Incident or violation of any Privacy Agreements, or any Person’s individual privacy rights involving Personal Information in the possession or control of the Target Companies, or held or Processed by any vendor, processor, or other third party for or on behalf of the Target Companies; (ii) prohibiting or threatening to prohibit the transfer of Personal Information to any place; or (iii) permitting or mandating any Governmental Authority to investigate, requisition information from, or enter the premises of, the Target Companies, and, to the extent completely remediated), and to Knowledge of the Company’s Knowledge, there are no material security deficiencies facts or vulnerabilities circumstances that would reasonably be expected to give rise to any of the foregoing.
(f) Each Target Company has at all times in the past three (3) years implemented and maintained, and required all vendors, processors, or other third parties that Process any Personal Information for or on behalf of the Target Companies to implement and maintain, commercially reasonable security measures, plans, procedures, controls, and programs consistent with Privacy Agreements.
(g) The Company IT Systemsmaintains a cyber insurance policy that is adequate and suitable for the nature and volume of Personal Information Processed by or on behalf of the Target Companies and is sufficient for compliance with all applicable Laws and Contracts to which any of the Target Companies is a party or by which it is bound. The Company has delivered or made available to the Purchaser a true, complete, and correct copy of such cyber insurance policy.
Appears in 1 contract
Privacy and Data Security. (a) In Except as set forth in section 4.13 of the prior three Disclosure Schedule, in the collection, use, storage and Processing (3including transfer to a third party or to any jurisdiction, to the extent applicable) yearsby the Company or any of its Subsidiaries of any Personal Data, the Company and or such Subsidiarity, its Subsidiaries Personal Data Processors and, to the Company’s Knowledge, its Personal Data Suppliers have been in compliance with Privacy Laws, and complied in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Information Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) yearsLaws, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified and, to the extent obligated by contract to do so, the Privacy Policies of Personal Data Suppliers. The Company and its Subsidiaries have taken commercially reasonable measures to prevent unauthorized use, access or been alteration of Personal Data in their possession or control, which measures are in material compliance with applicable Information Privacy Laws and Privacy Policies. Without limiting the foregoing, (i) the Company and its Subsidiaries and, to the Company’s Knowledge, its Personal Data Suppliers have provided, and in such manner as required under applicable Information Privacy Laws, adequate notices to notify any Person and acquired all necessary consents from Data Subjects for the use, and Processing (including transfer to a third party of any jurisdiction, to the extent applicable) of all Personal Data Processed by the Company or any of its Subsidiaries and otherwise have all requisite legal authority to Process, use and hold (Aincluding transfer to a third party of any jurisdiction, to the extent applicable) lossPersonal Data in the manner it is now Processed by the Company, theft any of its Subsidiaries or damage ofany Personal Data Processor on behalf of the Company or any of its Subsidiaries and (ii) with respect to all Personal Data in the databases owned or licensed by the Company or its Subsidiary, the Company, its Subsidiaries and, to the Company’s Knowledge, its Personal Data Suppliers have provided, where and in such manner as required under applicable Information Privacy Laws, adequate disclosures and notices, requisite consents from Data Subjects and have sufficient legal ground under applicable law to Process such Personal Data in the manner it is now Processed by the Company or its Subsidiary or any Personal Data Processor on behalf of the Company, including transfer to a third party of any jurisdiction, to the extent applicable).
(b) To the extent that the Company or any of its Subsidiaries Processes any financial account numbers (such as credit cards, bank accounts, PayPal accounts, debit cards), passwords, CCV data, or other related data (B) other unauthorized “Cardholder Data”), the Company and/or each of its Subsidiaries as applicable has implemented information security procedures, processes and systems that have at all times met or unlawful access to, or use, disclosure or other exceeded all applicable Laws related to the Processing of, Personal of Cardholder Data, except, in each case of clauses (i), (ii)including those established by applicable Governmental Authorities, and the Payment Card Industry Standards Council (iiiincluding the Payment Card Industry Data Security Standard), as would not have a Company Material Adverse Effect. .
(c) Each of the Company and its Subsidiaries has implemented at all times made available, where and in such manner as required under applicable Information Privacy Laws, a Privacy Policy which materially complies with applicable Information Privacy Laws to Persons (including any Data Subjects) prior to and during the collection of any Personal Data online. Such Privacy Policy, and any other representations, marketing materials and advertisements that address privacy issues and the treatment of Personal Data, accurately and completely describe, in a timely manner in accordance with applicable Law, the Company’s or its Subsidiaries’, as applicable, information collection and use practices, including reasonable safeguards in place designed to protect the privacy, security, and integrity of all Personal Data, and no such notices or disclosures have been misleading or deceptive or, to the Knowledge of the Company, inaccurate. To the Knowledge of the Company, neither the Company nor any of its Subsidiaries has collected or received any Personal Data online from children under the age of 16 without verifiable parental consent or directed any of its websites to children under the age of 16 through which such Personal Data could be obtained. 50
(d) Other than as set forth on Section 4.13(d) of the Disclosure Schedule, none of the Company or its Subsidiaries sells, rents or otherwise makes available to any Person any Personal Data, except in a manner that complies in all material respects with the applicable Privacy Policies and in compliance with Information Privacy Laws. The execution, delivery and performance of this Agreement and the transactions contemplated herein, including any transfer of Personal Data resulting from the execution, delivery and performance of this Agreement, complies, and will comply with, all Information Privacy Laws, the Privacy Policy of the Company and its Subsidiaries, and, to the extent obligated by contract to do so, the Privacy Policies of Personal Data Suppliers. Following the Closing Date, the Company and its Subsidiaries will continue to be permitted to collect, store, use and disclose Personal Data held by the Company or its Subsidiaries on terms identical to those in effect as of the date of this Agreement and to the same extent they would have been able to had the transactions contemplated by this Agreement not occurred.
(e) None of the Company and its Subsidiaries has received any written notice that it is or has been in material breach of any contractual obligation to limit its use of, secure or otherwise safeguard Personal Data, including any allegation that there has been a material breach of any Business Associate Agreement (i.e., a “business associate contract” as described under HIPAA at 45 C.F.R. § 164.504(e)) to which the Company or any of its Subsidiaries is a party, the EU General Data Protection Regulation, any data protection agreement (including standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council or any equivalent of successor thereof) to which the Company or any of its Subsidiaries is a party or of any violation by the Company or any of its Subsidiaries of their commitments under the EU-US Privacy Shield (as applicable), and, to the Company’s Knowledge, no such breach or violation has occurred within the applicable statute of limitation for a claim arising out of such a breach or violation. The Company and its Subsidiaries have in place and follows commercially reasonable administrativeprocedures designed to ensure that all written contracts with Confidential Data Processors require that such Confidential Data Processor Process Data in compliance with the Information Privacy Laws, physical the Company’s or its Subsidiaries’ Privacy Policy and technical safeguardsthe Company’s or its Subsidiaries’ obligations under any contract that governs the Processing of any Confidential Data.
(f) Except as set forth on Section 4.13(f) of the Disclosure Schedule, (i) neither the Company nor any of its Subsidiaries has experienced any unauthorized access to, disclosure, deletion or other misuse of, any Personal Data in its possession or control (a “Security Incident”) or made or been required to make any disclosure, notification or take any other action under any applicable Information Privacy Laws in connection with any Security Incident, (ii) no Confidential Data Processor has experienced any Security Incident or made or been required to make any disclosure, notification or take any other action under any applicable Information Privacy Laws in connection with any Security Incident with respect to any Personal Data Processed by it for the Company or for any of its Subsidiaries, (iii) to the Company’s Knowledge, no Personal Data Supplier has experienced any Security Incident or made or has been required to make any disclosure, notification or take any other action under any applicable Information Privacy Laws in connection with any Security Incident with respect to any Personal Data provided by it to the Company or to any of its Subsidiaries. The Company and each of its Subsidiaries has made all notifications to Data Subjects, customers or individuals required to be made by the Company or any of its Subsidiaries (as applicable) under any applicable Information Privacy Laws arising out of or relating to any event of unauthorized access to or disclosure or acquisition of any Personal Data by any person of which the Company has Knowledge.
(g) No action, audit, assessment, suit, legal proceeding, investigation, administrative enforcement proceeding or arbitration proceeding before any court, administrative body or Governmental Authority has been filed or commenced against the Company, any of its Subsidiaries or, to the Company’s Knowledge, threatened against the Company or its Subsidiaries, alleging any failure to comply with any Information Privacy Laws, and ensures that the Company and each of its contractors processing Subsidiaries has not incurred any material liabilities under any Information Privacy Laws. To the Company’s Knowledge, no Action has been filed, commenced or threatened against any Personal Data take such safeguards Supplier or Confidential Data Processor with respect to any Personal Data supplied to or Confidential Data Processed for the Company and each of its Subsidiaries.
(h) The Company, its Subsidiaries and its third-party service provider(s), if applicable, have implemented appropriate technical and organizational security measures to protect the confidentiality, integrity and security of Personal Data the IT Assets (and information stored or contained therein or transmitted thereby) against any Security Incidentunauthorized use, including taking all reasonable steps to safeguard and back up Personal Dataaccess, disclosure, loss, destruction, interruption, modification or corruption.
(ei) Each of In the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each Processing by the Company or any of its Subsidiaries as currently conducted. All Company IT Systems are (i) free from of any defectPersonal Data, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation each of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three yearsits Confidential Data Processors and, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies its Personal Data Suppliers has materially complied with all applicable Information Privacy Laws and applicable codes of practice in relation to marketing, advertising and profiling activities, as well as the placing of cookies on the Company’s or vulnerabilities in the Company IT Systemsits Subsidiaries’ websites, including providing any notices an disclosures and obtaining any consents as necessary under applicable Laws.
Appears in 1 contract
Sources: Share Purchase Agreement
Privacy and Data Security. (a) In except as has not had and would not reasonably be expected to have a Company Material Adverse Effect, the prior three (3) years, practices of the Company and its Subsidiaries have been in compliance with Privacy Lawssubsidiaries concerning collection, use, analysis, retention, storage, protection, security, transfer, disclosure, disposal, and in all material respects with other processing of Personal Information comply with, and have not violated, any (i) Contracts (Contract, including any business associate agreement, data processing agreement or portions thereof) between data use agreement entered into by the Company or its Subsidiaries and other Persons relating to Personal Data and subsidiaries with a client, (ii) applicable Privacy Law, or (iii) internal or external written policies, public statements and other public representations relating to the Processing policy of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
subsidiaries; (b) In the prior three (3) yearsexcept as has not had and would not reasonably be expected to have a Company Material Adverse Effect, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Lawssince January 1, are accurate and complete and are not misleading or deceptive (including by omission). The practices of 2018, neither the Company nor any of its subsidiaries has (i) received written or its Subsidiaries with respect to the Processing other notice of Personal Data conform in all material respects to the an investigation by any Governmental Authority for an actual or alleged violation of any applicable Privacy and Data Security Policies that govern such Personal Data.
Law, or (cii) There is received any written (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against other) complaints or involving the Company or its Subsidiaries initiated by notices from any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) person alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in a violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
Law; (dc) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any and each of its contractors with regard subsidiaries has implemented reasonable administrative, physical, organizational, and technical safeguards to any protect the Personal Data obtained from or on behalf of Information processed by the Company or and its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systemssubsidiaries, and (iii) none of such safeguards take into account the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), size and (iii), as would not have a Company Material Adverse Effect. Each scope of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing the risks posed to the Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of Information processed by the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defectsubsidiaries, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear)such failures to implement as has not been, except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its SubsidiariesGroup, taken as a whole. In The Company and its subsidiaries maintain, and have remained in compliance with, written policies and procedures concerning the prior three years(i) protection of Personal Information, (ii) the protection of the systems, technology and networks that process such Personal Information, and (iii) prevention, detection, containment, and correction of security incidents and violations respecting its information systems, except for such failures to maintain or remain in compliance as have not been, and would not reasonably be expected to be, individually or in the aggregate, material to the Company Group, taken as a whole; (d) except as has not had and would not reasonably be expected to have a Company Material Adverse Effect, since January 1, 2018, there have not has been any material failures, breakdowns no: (i) unauthorised disclosure or continued substandard performance use of any Company IT Systems that have caused a material failure Personal Information in the possession, custody or disruption control of the Company IT Systems other than routine failures or disruptions that any of its subsidiaries, or (ii) breach of any of the Company’s or its subsidiaries’ security procedures wherein Personal Information has been disclosed to an unauthorised third person. Since January 1, 2018, neither the Company nor any of its subsidiaries has notified another party or a Governmental Authority of any security incident or breach of information security procedures; (e) except as has not had and would not reasonably be expected to have been remediated in the Ordinary Course of Business. In the past three (3) yearsa Company Material Adverse Effect, there have been no (except to the extent completely remediated)that the Company or its subsidiaries collect Personal Information of persons located outside of the United States, the Company and its subsidiaries have implemented sufficient mechanisms to ensure that the transfers of Personal Information from such persons’ home country to any other country complies with Privacy Laws, including any applicable restrictions placed on the transfer of such Personal Information; (f) except as has not had and would not reasonably be expected to have a Company Material Adverse Effect, the Company and its subsidiaries have entered into written agreements with each third-party service provider, vendor and business partner that has access (including storage) to Personal Information on behalf of the Company (“Data Related Vendors”) that require compliance with all Privacy Laws. To the knowledge of the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.and its subsidiaries have taken reasonable and sufficient steps to select and retain only those Data Related Vendors that have maintained the confidentiality and security of the Personal Information to which they have access;
Appears in 1 contract
Sources: Implementation Agreement (Oxford Immunotec Global PLC)
Privacy and Data Security. (a) In the prior three (3) years, the The Company and its Subsidiaries have been in compliance with Privacy Laws, and complied in all material respects with all applicable (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and Privacy Laws, (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement contractual terms to which the Company or any of its Subsidiaries is a party or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments is otherwise bound that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of impose obligations on the Company or its Subsidiaries with respect to Personal Information, privacy, information security and marketing and (iii) the Company’s internal and external (including publicly posted) policies, notices, representations or guidelines relating to Personal Information, privacy and/or security of Personal Information (“Privacy Policies”) (collectively, “Privacy and Data Security Requirements”). The Company nor its Subsidiaries have received any complaint, inquiry or request for information or documents, and no Legal Proceeding is pending or to the knowledge of the Company, threatened against the Company or its Subsidiaries alleging that the Processing of Personal Data conform in all material respects to Information by the Company or its Subsidiaries violates any applicable Privacy and Data Security Policies that govern such Requirements. None of the representations or disclosures made or contained in any Privacy Policy are or have been inaccurate, misleading or deceptive or in violation of any applicable Privacy and Data Security Requirements.
(b) Neither the (i) the execution, delivery or performance of this Agreement or any other agreements referred to in this Agreement, nor (ii) the consummation of any of the transactions contemplated hereby will result in violation of any applicable Privacy and Data Security Requirements. The Company and its Subsidiaries have at all times made all required disclosures to, and obtained all consents from, users, customers, employees, contractors, governmental bodies and other applicable third parties required by all applicable Privacy and Data Security Requirements and as necessary for the Company’s and its Subsidiaries’ Processing of Personal DataInformation in connection with the conduct of its business as it has been conducted.
(c) There is (The Company and its Subsidiaries have at all times implemented and maintained in the prior three years there has been) no material Legal Proceeding pending orplace reasonable and appropriate physical, technical and administrative security programs, policies, procedures and such other measures required by applicable Privacy and Data Security Requirements, to the Company’s knowledge, threatened against or involving protect Personal Information that the Company or its Subsidiaries initiated by any Person Processes in connection with the operation of its business from destruction, loss, alteration, damage, unauthorized access or disclosure or illegal or unauthorized Processing (including (i) the Federal Trade Commission, any state attorney general “Security Policies”). No breach or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any such Security Policies or any Privacy CommitmentsPolicy has occurred or is threatened. To the Company’s KnowledgeThere has not been any destruction, there are no factsloss, circumstances alteration, damage, unauthorized access or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation disclosure or illegal or unauthorized Processing of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data Information that is in the possession or control of the Company or its Subsidiaries. The Company and its Subsidiaries have not experienced any Security Incident, phishing incident, ransomware or malware attack, malicious disruption of the Systems or other incident in which Personal Information was or may have been accessed, disclosed, acquired or exfiltrated in an unauthorized manner and the Company and its Subsidiaries have not received any notices from any Person or has been the subject of any actual or threatened claim, Legal Proceeding, or investigation with respect thereto.
(d) The Systems that are material to the conduct of the business have commercially reasonable security, back-ups and disaster recovery arrangements in place that comply with the applicable Privacy and Data Security Requirements. The Systems have never suffered any material failure and the Company and its contractors Subsidiaries have undertaken and implemented measures to prevent any material failures.
(e) The Company and its Subsidiaries have obtained written agreements from all subcontractors and third-party vendors to whom the Company and/or its Subsidiaries have provided or disclosed Personal Information that (1) satisfy the requirements of the Privacy and Data Security Requirements, and (2) bind the subcontractor and third-party vendors to at least the same restrictions and conditions that apply to the Company and/or its Subsidiaries with regard respect to any such Personal Data obtained from Information.
(f) The Company and its Subsidiaries have taken commercially reasonable steps to limit access to Personal Information to: (i) the Company and its Subsidiaries personnel and to subcontractors and third-party vendors providing services to or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, exceptSubsidiaries, in each case to those who have a need to know such Personal Information in the execution of clauses (i), their duties to the Company or its Subsidiaries; and (ii)) such other Persons permitted to access such Personal Information in accordance with the Privacy Policies, and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards contractual obligations to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each which the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systemsbound.
Appears in 1 contract
Privacy and Data Security. (a) In The Company and the Company Subsidiaries in the five (5) years prior three to the date hereof has, in all material respects, complied with all Privacy Laws and binding data processing industry standards or frameworks applicable to the Company or the Company Subsidiaries, including in relation to (3i) yearsspam, unsolicited communications, marketing, (ii) any privacy policy or notice of the Company and its Subsidiaries the Company Subsidiaries, (iii) any obligations under any Contract relating to privacy or processing of Personal Information, and (iv) any Personal Information that has been collected, acquired, accessed, viewed, used, processed, disclosed, transferred and received, or obtained from any other Person.
(b) Copies of all current Company’s and the Company Subsidiaries’ written and final form policies required under Privacy Laws have been made available to the Purchaser and such copies are, in compliance with all material respects, true, correct, and complete.
(c) The Company and each of the Company Subsidiaries is not subject to any prohibition or restriction which would prevent or restrict it, in any material respect, from processing or continuing to process any Personal Information previously collected by them in the context of the Business as currently conducted (“Target Data”) immediately following the Closing on the terms of such collection.
(d) Where the Company or any of the Company Subsidiaries uses a Person to process Personal Information on its behalf, where required by Privacy Laws, there is in existence a written Contract, that complies with the requirements of all Privacy Laws, including any cross border transfer requirements for transferring European and in all material respects with (i) Contracts (or portions thereof) United Kingdom Personal Information to the United States, applicable to the processing and transfer of such Personal Information, between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a partySubsidiary and each such Person, and the consummation of the transactions contemplated hereby or thereby, are except as would not reasonably expected tobe expected, directly individually or indirectlyin the aggregate, result in a violation of any Privacy Commitments that would to be materially adverse material to the Company and its the Company Subsidiaries, taken as a whole.
(be) In the five (5) years prior three (3) yearsto the date hereof, the Privacy Company and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices each of the Company Subsidiaries (i) have not suffered a Personal Data Breach of any Personal Information in their possession, custody or its control and (ii) has not provided or been legally required to provide any notices to any Person in connection with any such Personal Data Breach.
(f) In the five (5) years prior to the date hereof, the Company and the Company Subsidiaries have regularly (at least annually) performed vulnerability assessments and used commercially reasonable efforts to address and remediate, in all material respects, all critical or high-risk threats and deficiencies identified in each such assessment.
(g) In the five (5) years prior to the date hereof, no Person (including any Governmental Authority) has made any material written claim or commenced any action of any kind against the Company or a Company Subsidiary with respect to the Processing loss, damage, or unauthorized access, use, processing, modification of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending oror other misuse of, to the Company’s knowledgeor illegal or unpermitted processing of, threatened against any information or involving data by the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard their respective employees or contractors.
(h) In the five (5) years prior to the date hereof, no Person (including any Personal Data obtained from Governmental Authority) has made any material written claim, written notice or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of investigation against the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Dataalleging non-compliance with Privacy Laws.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), Except as is not and would not reasonably be expected to beexpected, individually or in the aggregate, to be material to the Company and its the Company Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems and the Company Subsidiaries have procured valid consents, where required under Privacy Laws, including in relation to cookies or other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) yearstracking technologies, there have been no (except as well as to the extent completely remediated)required for the execution, delivery, and performance of this Agreement.
(j) Except as would not reasonably be expected, individually or in the aggregate, to be material to the Company’s KnowledgeCompany and the Company Subsidiaries, there are no material security deficiencies or vulnerabilities taken as a whole, the Company and the Company Subsidiaries do not knowingly process and have not in the five (5) years prior to the date hereof processed Personal Information of any natural Person known to be under the age of 18 (or other age applicable to children under applicable Privacy Laws) in violation of any Privacy Laws and the Company IT Systemsand the Company Subsidiaries have procedures in place to comply with Privacy Laws related to children’s privacy, including COPPA, to the extent applicable.
(k) The Company has at all times in the five (5) years prior to the date hereof complied in all material respects with all Privacy Laws related to spam, unsolicited communications and marketing.
Appears in 1 contract
Privacy and Data Security. (a) In Except as set forth in section 4.13 of the prior three Disclosure Schedule, in the collection, use, storage and Processing (3including transfer to a third party or to any jurisdiction, to the extent applicable) yearsby the Company or any of its Subsidiaries of any Personal Data, the Company and or such Subsidiarity, its Subsidiaries Personal Data Processors and, to the Company’s Knowledge, its Personal Data Suppliers have been in compliance with Privacy Laws, and complied in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Information Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) yearsLaws, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified and, to the extent obligated by contract to do so, the Privacy Policies of Personal Data Suppliers. The Company and its Subsidiaries have taken commercially reasonable measures to prevent unauthorized use, access or been alteration of Personal Data in their possession or control, which measures are in material compliance with applicable Information Privacy Laws and Privacy Policies. Without limiting the foregoing, (i) the Company and its Subsidiaries and, to the Company’s Knowledge, its Personal Data Suppliers have provided, and in such manner as required under applicable Information Privacy Laws, adequate notices to notify any Person and acquired all necessary consents from Data Subjects for the use, and Processing (including transfer to a third party of any jurisdiction, to the extent applicable) of all Personal Data Processed by the Company or any of its Subsidiaries and otherwise have all requisite legal authority to Process, use and hold (Aincluding transfer to a third party of any jurisdiction, to the extent applicable) lossPersonal Data in the manner it is now Processed by the Company, theft any of its Subsidiaries or damage ofany Personal Data Processor on behalf of the Company or any of its Subsidiaries and (ii) with respect to all Personal Data in the databases owned or licensed by the Company or its Subsidiary, the Company, its Subsidiaries and, to the Company’s Knowledge, its Personal Data Suppliers have provided, where and in such manner as required under applicable Information Privacy Laws, adequate disclosures and notices, requisite consents from Data Subjects and have sufficient legal ground under applicable law to Process such Personal Data in the manner it is now Processed by the Company or its Subsidiary or any Personal Data Processor on behalf of the Company, including transfer to a third party of any jurisdiction, to the extent applicable).
(b) To the extent that the Company or any of its Subsidiaries Processes any financial account numbers (such as credit cards, bank accounts, PayPal accounts, debit cards), passwords, CCV data, or other related data (B) other unauthorized “Cardholder Data”), the Company and/or each of its Subsidiaries as applicable has implemented information security procedures, processes and systems that have at all times met or unlawful access to, or use, disclosure or other exceeded all applicable Laws related to the Processing of, Personal of Cardholder Data, except, in each case of clauses (i), (ii)including those established by applicable Governmental Authorities, and the Payment Card Industry Standards Council (iiiincluding the Payment Card Industry Data Security Standard), as would not have a Company Material Adverse Effect. .
(c) Each of the Company and its Subsidiaries has implemented at all times made available, where and in such manner as required under applicable Information Privacy Laws, a Privacy Policy which materially complies with applicable Information Privacy Laws to Persons (including any Data Subjects) prior to and during the collection of any Personal Data online. Such Privacy Policy, and any other representations, marketing materials and advertisements that address privacy issues and the treatment of Personal Data, accurately and completely describe, in a timely manner in accordance with applicable Law, the Company’s or its Subsidiaries’, as applicable, information collection and use practices, including reasonable safeguards in place designed to protect the privacy, security, and integrity of all Personal Data, and no such notices or disclosures have been misleading or deceptive or, to the Knowledge of the Company, inaccurate. To the Knowledge of the Company, neither the Company nor any of its Subsidiaries has collected or received any Personal Data online from children under the age of 16 without verifiable parental consent or directed any of its websites to children under the age of 16 through which such Personal Data could be obtained.
(d) Other than as set forth on Section 4.13(d) of the Disclosure Schedule, none of the Company or its Subsidiaries sells, rents or otherwise makes available to any Person any Personal Data, except in a manner that complies in all material respects with the applicable Privacy Policies and in compliance with Information Privacy Laws. The execution, delivery and performance of this Agreement and the transactions contemplated herein, including any transfer of Personal Data resulting from the execution, delivery and performance of this Agreement, complies, and will comply with, all Information Privacy Laws, the Privacy Policy of the Company and its Subsidiaries, and, to the extent obligated by contract to do so, the Privacy Policies of Personal Data Suppliers. Following the Closing Date, the Company and its Subsidiaries will continue to be permitted to collect, store, use and disclose Personal Data held by the Company or its Subsidiaries on terms identical to those in effect as of the date of this Agreement and to the same extent they would have been able to had the transactions contemplated by this Agreement not occurred.
(e) None of the Company and its Subsidiaries has received any written notice that it is or has been in material breach of any contractual obligation to limit its use of, secure or otherwise safeguard Personal Data, including any allegation that there has been a material breach of any Business Associate Agreement (i.e., a “business associate contract” as described under HIPAA at 45 C.F.R. § 164.504(e)) to which the Company or any of its Subsidiaries is a party, the EU General Data Protection Regulation, any data protection agreement (including standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council or any equivalent of successor thereof) to which the Company or any of its Subsidiaries is a party or of any violation by the Company or any of its Subsidiaries of their commitments under the EU-US Privacy Shield (as applicable), and, to the Company’s Knowledge, no such breach or violation has occurred within the applicable statute of limitation for a claim arising out of such a breach or violation. The Company and its Subsidiaries have in place and follows commercially reasonable administrativeprocedures designed to ensure that all written contracts with Confidential Data Processors require that such Confidential Data Processor Process Data in compliance with the Information Privacy Laws, physical the Company’s or its Subsidiaries’ Privacy Policy and technical safeguardsthe Company’s or its Subsidiaries’ obligations under any contract that governs the Processing of any Confidential Data.
(f) Except as set forth on Section 4.13(f) of the Disclosure Schedule, (i) neither the Company nor any of its Subsidiaries has experienced any unauthorized access to, disclosure, deletion or other misuse of, any Personal Data in its possession or control (a “Security Incident”) or made or been required to make any disclosure, notification or take any other action under any applicable Information Privacy Laws in connection with any Security Incident, (ii) no Confidential Data Processor has experienced any Security Incident or made or been required to make any disclosure, notification or take any other action under any applicable Information Privacy Laws in connection with any Security Incident with respect to any Personal Data Processed by it for the Company or for any of its Subsidiaries, (iii) to the Company’s Knowledge, no Personal Data Supplier has experienced any Security Incident or made or has been required to make any disclosure, notification or take any other action under any applicable Information Privacy Laws in connection with any Security Incident with respect to any Personal Data provided by it to the Company or to any of its Subsidiaries. The Company and each of its Subsidiaries has made all notifications to Data Subjects, customers or individuals required to be made by the Company or any of its Subsidiaries (as applicable) under any applicable Information Privacy Laws arising out of or relating to any event of unauthorized access to or disclosure or acquisition of any Personal Data by any person of which the Company has Knowledge.
(g) No action, audit, assessment, suit, legal proceeding, investigation, administrative enforcement proceeding or arbitration proceeding before any court, administrative body or Governmental Authority has been filed or commenced against the Company, any of its Subsidiaries or, to the Company’s Knowledge, threatened against the Company or its Subsidiaries, alleging any failure to comply with any Information Privacy Laws, and ensures that the Company and each of its contractors processing Subsidiaries has not incurred any material liabilities under any Information Privacy Laws. To the Company’s Knowledge, no Action has been filed, commenced or threatened against any Personal Data take such safeguards Supplier or Confidential Data Processor with respect to any Personal Data supplied to or Confidential Data Processed for the Company and each of its Subsidiaries.
(h) The Company, its Subsidiaries and its third-party service provider(s), if applicable, have implemented appropriate technical and organizational security measures to protect the confidentiality, integrity and security of Personal Data the IT Assets (and information stored or contained therein or transmitted thereby) against any Security Incidentunauthorized use, including taking all reasonable steps to safeguard and back up Personal Dataaccess, disclosure, loss, destruction, interruption, modification or corruption.
(ei) Each of In the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each Processing by the Company or any of its Subsidiaries as currently conducted. All Company IT Systems are (i) free from of any defectPersonal Data, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation each of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three yearsits Confidential Data Processors and, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies its Personal Data Suppliers has materially complied with all applicable Information Privacy Laws and applicable codes of practice in relation to marketing, advertising and profiling activities, as well as the placing of cookies on the Company’s or vulnerabilities in the Company IT Systemsits Subsidiaries’ websites, including providing any notices an disclosures and obtaining any consents as necessary under applicable Laws.
Appears in 1 contract
Privacy and Data Security. (a) In Except as would not reasonably be expected to be material to the prior three (3) yearsGroup Companies, taken as a whole, the Company and its Subsidiaries have been in compliance with Privacy LawsGroup Companies comply, and since January 1, 2019 have complied, in all material respects with all: (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and applicable Privacy Laws; (ii) obligations imposed upon the Group Company regarding Personal Information under any Contracts; (iii) internal and public-facing privacy, data handling and/or data security policies of the Group Company; and (iv) applicable written policies, public statements and other public representations relating data privacy rules of applicable self-regulatory organizations.
(b) Except as would not reasonably be expected to be material to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its SubsidiariesGroup Companies, taken as a whole.
(b) In , each of the prior three (3) yearsGroup Companies has established and implemented a comprehensive written security plan which implements and monitors commercially reasonable technical and organizational measures designed to safeguard the security, the Privacy confidentiality, integrity and Data Security Policies have at all times been maintained availability of IT Assets and made available to individuals Personal Information, in its possession, custody, or under its control, in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Dataapplicable laws.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to To the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including : (i) no Group Company has suffered any material security breach with respect to any Personal Information (including any such breach of security leading to the Federal Trade Commissionaccidental or unlawful destruction, any state attorney general or similar state officialloss, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing alteration of Personal Data by or on behalf of Information) and/or with respect to the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) IT Assets and there has been no material misuse, destruction, loss or alteration of, or unauthorized Processing of, access to, or unauthorized usedisclosure of, disclosure, or Processing of any Personal Data Information in the possession possession, custody, or control of the Company or its Subsidiaries or any of its contractors with regard to any the Group Companies or Processed by the Group Companies (each, a “Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security IncidentInformation Breach”), ; (ii) there none of the Group Companies have been no unauthorized intrusions experienced any information security incidents that have materially compromised the integrity or breaches availability of security into any Company the IT Systems, and Assets or the data thereon; (iii) none of the Company or any of its Subsidiaries has notified or Group Companies have been legally required to notify provide any notices to any Person as a result of any Personal Information Breach or information security incident.
(Ad) lossSince January 1, theft or damage of2019, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security Group Companies ensure all cross border transfers of Personal Data against any Security Incident, including taking Information are compliant with applicable Privacy Laws in all reasonable steps to safeguard and back up Personal Datamaterial respects.
(e) Each Since January 1, 2019, each of the Company and its Subsidiaries owns Group Companies that have distributed marketing communications to any Person and/or that have engaged (whether directly or has through a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (iithird party) in sufficiently good working condition to effectively perform any TABLE OF CONTENTS direct or behavioral marketing location tracking or customer tracking are compliant with applicable Privacy Laws in all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries material respects.
(except for ordinary wear and tear), except in each case of clauses (if) and (ii), Except as is not and would not reasonably be expected to be, individually or in the aggregate, be material to the Company and its SubsidiariesGroup Companies, taken as a whole. In , the prior three years, there Group Companies have not been sold or rented and are not selling or renting to third parties any material failures, breakdowns or continued substandard performance Personal Information.
(g) None of the Group Companies has received any written notice of any Company IT Systems that have caused a material failure claims, investigations, or disruption alleged violations of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systemsapplicable Privacy Laws.
Appears in 1 contract
Privacy and Data Security. (a) In the prior three (3) years, The Company and the Company Subsidiaries and, to the knowledge of the Company, each vendor, processor and its Subsidiaries have been in compliance other third party Processing Personal Information Processed by or for the Company, solely with Privacy Lawsrespect to each such third party’s Processing (collectively, and “Data Partners”), complies in all material respects with with, and has since January 1, 2021 have complied in all material respects with: (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and all Privacy Laws, (ii) all Privacy Policies applicable written policiesto the Company and (iii) all contractual commitments, public statements and other public representations relating including any terms of use, that the Company has entered into with respect to the Processing of Personal DataInformation (collectively, inclusive of all disclosures required by applicable Privacy Laws (the “Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy CommitmentsProtection Requirements”). The Company and the Company Subsidiaries have a Privacy Policy regarding the collection and use of Personal Information, a true, correct and complete copy of which as in effect on the date of this Agreement has been made available to Parent prior to the date of this Agreement. The Company and the Company Subsidiaries have at all times presented an accurate Privacy Policy (which Privacy Policy the Company does not reasonably believe to be misleading or deceptive (including by omission)) to individuals prior to the collection of any Personal Information from such individuals, except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect.
(b) The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby Transactions do not and will not: (i) conflict with or thereby, are not reasonably expected to, directly or indirectly, result in a violation or breach of any Privacy Commitments that Data Protection Requirements, (ii) require the consent of or provision of notice to any person concerning such person’s Personal Information, (iii) give rise to any right of termination or other right to impair or limit Parent’s or the Company’s rights to own and Process any Personal Information used in or necessary for the operation of the Company’s or each of the Company Subsidiaries’ businesses or (iv) otherwise prohibit the transfer of Personal Information to Parent, in each case, except as would not, individually or in the aggregate, reasonably be materially adverse expected to be material to the Company and its the Company Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), Except as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to benot, individually or in the aggregate, reasonably be expected to be material to the Company and its the Company Subsidiaries, taken as a whole. In , (i) the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption and each of the Company IT Systems Subsidiaries routinely engage in due diligence of Data Partners before allowing them to access, receive or Process Personal Information and audit such Data Partners’ compliance with their commitments with respect to the Data Protection Requirements, and (ii) to the knowledge of the Company, the Company and each Company Subsidiary has valid and enforceable agreements, subject to the Bankruptcy and Equity Exception, in place with all Data Partners that comply with applicable Data Protection Requirements.
(d) Except as would not, individually or in the aggregate, reasonably be expected to be material to the Company and the Company Subsidiaries, taken as a whole, the Company and each of the Company Subsidiaries since January 1, 2021 have implemented and maintained administrative, technical, physical and organizational safeguards, including commercially reasonable plans, procedures, controls, programs and a written information security program designed to (i) protect and maintain the security of any Personal Information and Company Data stored in their computer systems from any accidental, unlawful or unauthorized Security Incident, or any other than routine failures use by a third party that would violate the Privacy Policy or disruptions that Data Protection Requirements and (ii) identify and address internal and external risks to the privacy and security of Personal Information in the Company’s possession or control.
(e) The Company maintains insurance coverage to respond to the risk of liability relating to any unauthorized Processing of Company Data, a Security Incident or a violation of Privacy Laws of the Company or any Company Subsidiary, and no claims have been remediated made under such insurance policy(ies) since January 1, 2021, in each case except as would not, individually or in the Ordinary Course of Business. In aggregate, reasonably be expected to be material to the past three Company and the Company Subsidiaries, taken as a whole.
(3f) yearsExcept as would not, there have been no (except individually or in the aggregate, reasonably be expected to be material to the Company and the Company Subsidiaries, taken as a whole, to the extent completely remediated)required, the Company and each of the Company Subsidiaries are, and to since January 1, 2021 have been, in compliance with the Payment Card Industry Data Security Standards and the related card brand rules and requirements in any Contracts between the Company, and each of the Company Subsidiaries, on the one hand, and any of the Company’s Knowledgepayment processors and/or acquiring banks, there are no material security deficiencies on the other hand.
(g) Except as would not, individually or vulnerabilities in the aggregate, reasonably be expected to have a Company IT SystemsMaterial Adverse Effect, the Company and each of the Company Subsidiaries, have not (i) to the knowledge of the Company, experienced a Security Incident, (ii) been required pursuant to any Privacy Laws to notify customers, consumers, employees, Governmental Entities, or any other person of any Security Incident, (iii) received any written notice from any Governmental Entity with respect to any inquiry or investigation of any such Governmental Entity, or been the subject of any enforcement Proceeding of any Governmental Entity, with respect to noncompliance with any Privacy Law or (iv) to the knowledge of the Company, received any written notice, request, claim, complaint, correspondence or other communication relating to any Security Incident or violation of any Privacy Law by the Company or any Company Subsidiary.
Appears in 1 contract
Privacy and Data Security. (a) In The Company and its Subsidiaries are, and at all times since January 1, 2023, have been, in compliance with all applicable Laws, contractual obligations, binding industry standards and published privacy policies, in each case as relating to privacy, data protection and the prior three collection, use and other Processing of Personal Data (3collectively, the “Data Protection Requirements”), except where the failure to be in compliance would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect.
(b) yearsExcept as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect, the Company and its Subsidiaries have been in taken all commercially reasonable steps (including maintaining an Information Security Program that is appropriately implemented and maintained and compliance with Privacy Lawswhich is appropriately monitored) to protect the confidentiality, integrity, physical and in electronic security and continuous operation of its IT Assets and to ensure that all material respects with (i) Contracts (data stored thereon or portions thereof) between the Company transmitted or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or Processed thereby, are not reasonably expected to, directly or indirectly, result in a violation of including any Privacy Commitments Company Data that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated Processed by any Person (including (i) the Federal Trade Commissionservice provider, any state attorney general independent contractor or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none vendor of the Company or any of its Subsidiaries has notified or been required (each, a “Sub-Processor”) complies with applicable Data Protection Requirements. The Company and each of its Subsidiaries have contractually obligated each Sub-Processor to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Process Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of Data received from the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking in material compliance with all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems applicable Laws. Except as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to benot, individually or in the aggregate, material reasonably be expected to have a Company Material Adverse Effect, (i) to the Company and its SubsidiariesKnowledge of the Company, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance no Sub-Processors are in breach of any Company IT Systems that have caused a material failure or disruption of their contractual requirements with the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three Company, and (3ii) yearssince January 1, 2023, there have been no violations of the Information Security Program and no Security Breaches, and no disclosure or notification of any Security Breach has been or should have been made at any time by the Company or any of its Subsidiaries under applicable Data Protection Requirements to any Person (except including any Governmental Authority). The Company has made available to Parent true and complete copies of each material information security risk audit, assessment and penetration testing carried out by or for the Company or any of its Subsidiaries since January 1, 2023.
(c) Except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect, the Company and its Subsidiaries maintain policies, procedures, trainings, and security measures with respect to the extent completely remediated)physical and electronic security and privacy of Personal Data to comply with the Data Protection Requirements and operate in compliance with those policies and procedures.
(d) Except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect, since January 1, 2023, the Company and its Subsidiaries and, to the Knowledge of the Company, its Sub-Processors, have not received or been the subject of any claim, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Authority or any other Person alleging or confirming non-compliance with the Data Protection Requirements.
(e) Except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect, (i) neither the execution, delivery or performance of this Agreement nor the consummation of the transactions contemplated hereby will cause, constitute or result in a breach or violation of any applicable Data Protection Requirement and (ii) immediately after the Closing, the Company, Parent and its Affiliates will continue to have substantially the same right to Process any Personal Data currently Processed by or for or on behalf of the Company and its Subsidiaries on the same terms the Company and its Subsidiaries enjoyed immediately prior to Closing.
(f) Except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect, (i) the Company and its Subsidiaries have established and maintained backup, business continuity and disaster recovery and security plans, procedures and facilities consistent with all applicable Data Protection Requirements, (ii) the IT Assets are in good working condition, do not contain any Malicious Code and operate and perform as necessary to conduct the business of the Company and its Subsidiaries and (iii) the Company and its Subsidiaries have addressed all “critical,” “high” and any other risks, threats, deficiencies and vulnerabilities identified in any information security risk audit, assessment or penetration testing carried out by or for the Company or any of its Subsidiaries. Except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect, there is currently no, and since January 1, 2023, there has not been any, Action asserted against the Company or any of its Subsidiaries or, to the Knowledge of the Company’s Knowledge, any of its or their customers, end users, Sub-Processors, or distributors related to the IT Assets, nor have there are no material security deficiencies or vulnerabilities in the Company IT Systemsbeen any written threats thereof.
Appears in 1 contract
Sources: Merger Agreement (Globalstar, Inc.)
Privacy and Data Security. (a) In the prior three (3) yearsSeller is, the Company and its Subsidiaries have has been at all times, in compliance with Privacy Laws, and in all material respects with (i) Contracts (all Data Protection Requirements, and no written claims have been received by, and no written claims, charges or portions thereof) between complaints have been made or, to the Company or its Subsidiaries Knowledge of Seller, Threatened against, Seller alleging a violation of any Data Protection Requirements, and other Persons relating Seller has not been subject to Personal any governmental investigation with regard to any Data and (ii) applicable written policies, public statements and other public representations Protection Requirements. Seller maintains internal privacy policies relating to the Processing use, collection, storage, disclosure and transfer of any Personal DataData collected by it or by third parties having authorized access to the records of the Seller. To the Knowledge of Seller, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby Transactions will not violate any privacy policy, terms of use, Legal Requirements, or therebycontractual obligation relating to the use, are not reasonably expected todissemination, directly or indirectly, result in a violation transfer of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholedata or information.
(b) In Seller has implemented and maintains technical, physical, and administrative measures reasonable and appropriate to protect the prior three (3) yearsoperation, the Privacy confidentiality, integrity, and Data Security Policies have at security of all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to and other confidential information processed by Seller and the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending orinformation technology systems of Seller, to the Company’s knowledgeincluding against unauthorized access, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commissionacquisition, any state attorney general or similar state officialinterruption, (ii) any other Governmental authorityalternation, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledgemodification, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access touse, or unauthorized use, disclosure, other compromise of such information or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries systems (“Security Incident”) and which measures are consistent with industry practices. Except as set forth on Schedule 3.28(b), since the Reference Date, (i) Seller, or any third party acting on its behalf, experienced any Security Incident, (ii) there have been no Seller notified any consumer or regulator of any Security Incident or other unauthorized intrusions processing of Personal Data, or breaches of security into any Company IT Systems, and (iii) none there been any other unauthorized or accidental acquisition or disclosure of material non-public computerized data of Seller that has compromised the Company security, confidentiality or any of its Subsidiaries has notified or been required to notify any Person integrity of any such information. To the Knowledge of Seller, there are no cyber security or other vulnerabilities with respect to its systems, and Seller has not been notified by any third party (including by “white hat” hackers) of any such vulnerabilities, that (i) are unpatched or otherwise unresolved and (ii) could (A) loss, theft or damage of, adversely impact the operation of the systems or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have cause a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Appears in 1 contract
Sources: Asset Purchase Agreement (Quanex Building Products CORP)
Privacy and Data Security. (a) In Except as would not reasonably be expected to be material to the prior three (3) yearsGroup Companies, taken as a whole, the Company and its Subsidiaries have been in compliance with Privacy LawsGroup Companies comply, and since January 1, 2019 have complied, in all material respects with all: (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and applicable Privacy Laws; (ii) obligations imposed upon the Group Company regarding Personal Information under any Contracts; (iii) internal and public-facing privacy, data handling and/or data security policies of the Group Company; and (iv) applicable written policies, public statements and other public representations relating data privacy rules of applicable self-regulatory organizations.
(b) Except as would not reasonably be expected to be material to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its SubsidiariesGroup Companies, taken as a whole.
(b) In , each of the prior three (3) yearsGroup Companies has established and implemented a comprehensive written security plan which implements and monitors commercially reasonable technical and organizational measures designed to safeguard the security, the Privacy confidentiality, integrity and Data Security Policies have at all times been maintained availability of IT Assets and made available to individuals Personal Information, in its possession, custody, or under its control, in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Dataapplicable laws.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to To the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including : (i) no Group Company has suffered any material security breach with respect to any Personal Information (including any such breach of security leading to the Federal Trade Commissionaccidental or unlawful destruction, any state attorney general or similar state officialloss, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing alteration of Personal Data by or on behalf of Information) and/or with respect to the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) IT Assets and there has been no material misuse, destruction, loss or alteration of, or unauthorized Processing of, access to, or unauthorized usedisclosure of, disclosure, or Processing of any Personal Data Information in the possession possession, custody, or control of the Company or its Subsidiaries or any of its contractors with regard to any the Group Companies or Processed by the Group Companies (each, a “Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security IncidentInformation Breach”), ; (ii) there none of the Group Companies have been no unauthorized intrusions experienced any information security incidents that have materially compromised the integrity or breaches availability of security into any Company the IT Systems, and Assets or the data thereon; (iii) none of the Company or any of its Subsidiaries has notified or Group Companies have been legally required to notify provide any notices to any Person as a result of any Personal Information Breach or information security incident.
(Ad) lossSince January 1, theft or damage of2019, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security Group Companies ensure all cross border transfers of Personal Data against any Security Incident, including taking Information are compliant with applicable Privacy Laws in all reasonable steps to safeguard and back up Personal Datamaterial respects.
(e) Each Since January 1, 2019, each of the Company and its Subsidiaries owns Group Companies that have distributed marketing communications to any Person and/or that have engaged (whether directly or has through a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (iithird party) in sufficiently good working condition to effectively perform any direct or behavioral marketing location tracking or customer tracking are compliant with applicable Privacy Laws in all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries material respects.
(except for ordinary wear and tear), except in each case of clauses (if) and (ii), Except as is not and would not reasonably be expected to be, individually or in the aggregate, be material to the Company and its SubsidiariesGroup Companies, taken as a whole. In , the prior three years, there Group Companies have not been sold or rented and are not selling or renting to third parties any material failures, breakdowns or continued substandard performance Personal Information.
(g) None of the Group Companies has received any written notice of any Company IT Systems that have caused a material failure claims, investigations, or disruption alleged violations of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systemsapplicable Privacy Laws.
Appears in 1 contract
Sources: Business Combination Agreement (Endurance Acquisition Corp.)
Privacy and Data Security. (a) In the prior three (3) years, The Company and each of the Company Subsidiaries is, and its Subsidiaries have has been within the five (5) year period prior to the date hereof, in material compliance with all applicable Privacy LawsObligations. The Company and each of the Company Subsidiaries has adopted and published privacy notices and policies that accurately describe their respective privacy practices. The Company and each of the Company Subsidiaries maintains appropriate privacy and data security policies, processes, and controls, and an appropriate, comprehensive privacy program, all of which meet or exceed the standards set forth in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by any applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeObligations.
(b) In the prior three (3) years, the Privacy The Company and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices each of the Company or its Subsidiaries with respect has provided all required notices, and obtained all necessary consents, required for them to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Process Personal Data.
(c) There is To the knowledge of the Company, the execution, delivery, performance and consummation of the transactions contemplated by this Agreement (including the Processing of Personal Data in connection therewith) will not cause or constitute a breach or violation of any applicable Privacy Obligations.
(d) The Company and each of the Company Subsidiaries has contractually obligated all third parties Processing Personal Data on their behalf to and take reasonable measures to protect the confidentiality of any Personal Data to which such third party has been provided access.
(e) The Company and each of the Company Subsidiaries has implemented and maintains an information security program comprising reasonable and appropriate physical, administrative and technical safeguards that are (i) appropriate to the size and scope of the Company and any Company Subsidiary and the Personal Data they Process in the conduct of their business, (ii) designed to protect the operation, confidentiality, integrity, availability and security of the Company’s and any of the Company’s Subsidiaries IT systems, and all Personal Data, against unauthorized access, acquisition, interruption, alteration, modification, or use, and (iii) consistent with the Company’s and any of the Company Subsidiaries’ Privacy Obligations. To the knowledge of the Company, within the three (3) years prior three years to the date hereof, neither the Company nor any Company Subsidiary has experienced any material failure of these physical, administrative and technical safeguards.
(f) To the knowledge of the Company, there is not currently pending and there has beennot been within the five (5) year period prior to the date hereof, any claim, action, litigation, investigation, audit, complaint, or other proceeding to, from, by or before any Governmental Entity against the Company or any of the Company’s Subsidiaries with respect to privacy or data security, and, to the knowledge of the Company, there is no material Legal Proceeding pending orreasonable basis for such actions. To the knowledge of the Company, neither the Company nor any of the Company’s Subsidiaries has, within the five (5) year period prior to the date hereof, experienced any Security Incident, nor has, to the Company’s knowledge, threatened against any third party who Processes Personal Data on the Company’s or involving any of the Company or its Company’s Subsidiaries initiated by behalf, experienced any Person (including (i) Security Incident affecting the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation any of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy CommitmentsSubsidiaries.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Appears in 1 contract
Sources: Merger Agreement (Virtusa Corp)
Privacy and Data Security. (a) In The Company and its Subsidiaries, and to the prior three (3) yearsKnowledge of the Company, its and their vendors, processors or third parties that process Personal Information, have, since the Compliance Date, taken commercially reasonable measures to protect the privacy and security of the Personal Information of each student or other natural person collected by the Company and its Subsidiaries have been or on its or their behalf and to maintain in confidence such Personal Information, and is in material compliance with Privacy Laws, and in all material respects with its or their: (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and published privacy policies, (ii) applicable written policiesinternal privacy policies and guidelines, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by (iii) applicable Privacy Laws and Requirements, and (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company iv) contractual requirements or terms of this Agreement use concerning processing of Personal Information to which the Company or any of its Subsidiaries is a party or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a wholeotherwise bound.
(b) In No Claim is pending, or to the prior three (3) yearsKnowledge of the Company, has, since the Privacy and Data Security Policies have at all times Compliance Date, been maintained and made available threatened in writing against the Company or any of its Subsidiaries by any individual, third party or any Governmental Entity with respect to individuals in accordance with reasonable industry practices and as required Personal Information collected, used, processed or shared by Privacy Lawsthe Company or any of its Subsidiaries, are accurate and complete and are not misleading or deceptive (including held or processed by omission). The practices of any vendor, processor, or other third party for or on behalf the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending orSubsidiaries, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by alleging any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy CommitmentsLaws and Requirements. To Since the Company’s KnowledgeCompliance Date, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, loss or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of other misuse by the Company or its Subsidiaries or any of its contractors with regard to Subsidiaries, or by any Personal Data obtained from vendor, processor, or third party for or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries of such Personal Information, and, to the Knowledge of the Company, no third party has notified had unauthorized access to or been required misused the Personal Information collected by the Company or any of its Subsidiaries, or collected by any vendor, processor, or third party for or on behalf of the Company or any of its Subsidiaries.
(c) The execution, delivery and performance of this Agreement and the consummation of the transactions contemplated hereby, do not and will not: (i) conflict with or result in a material violation or breach of any applicable Privacy Laws and Requirements or applicable published privacy policies or internal privacy policies or guidelines (as currently existing or as existing at the time during which any Personal Information was collected or processed by, for, or on behalf of the Company or any of its Subsidiaries); or (ii) require the consent of or notice to notify any Person of any concerning such Person’s Personal Information.
(Ad) lossSince the Compliance Date, theft or damage ofto the extent required by applicable Privacy Laws and Requirements, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries have posted to each of their websites and mobile applications and provided or otherwise made available in connection with any Company products or services a Company privacy policy. No disclosure or representation made or contained in any Company privacy policy has implemented commercially reasonable administrativebeen materially inaccurate, physical misleading, deceptive, or in material violation of any applicable Privacy Laws and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Requirements. The Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems do not “sell” Personal Information as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error defined under applicable Privacy Laws and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT SystemsRequirements.
Appears in 1 contract
Sources: Stock Purchase Agreement (Universal Technical Institute Inc)